fix: update support template

.env.example

@@ -132,6 +132,3 @@ DATADOG_PROFILING_ENABLED=
 DATADOG_ENV=
 DATADOG_SERVICE=
 DATADOG_HOSTNAME=
-
-# kubernetes
-KUBERNETES_AUTO_FETCH_SERVICE_ACCOUNT_TOKEN=false

Dockerfile.standalone-infisical

@@ -34,7 +34,6 @@ ARG INFISICAL_PLATFORM_VERSION
 ENV VITE_INFISICAL_PLATFORM_VERSION $INFISICAL_PLATFORM_VERSION
 ARG CAPTCHA_SITE_KEY
 ENV VITE_CAPTCHA_SITE_KEY $CAPTCHA_SITE_KEY
-ENV NODE_OPTIONS="--max-old-space-size=8192"
 
 # Build
 RUN npm run build
@@ -78,7 +77,6 @@ RUN npm ci --only-production
 COPY /backend .
 COPY --chown=non-root-user:nodejs standalone-entrypoint.sh standalone-entrypoint.sh
 RUN npm i -D tsconfig-paths
-ENV NODE_OPTIONS="--max-old-space-size=8192"
 RUN npm run build
 
 # Production stage

backend/src/db/knexfile.ts

@@ -4,7 +4,6 @@ import "ts-node/register";
 import dotenv from "dotenv";
 import type { Knex } from "knex";
 import path from "path";
-import { initLogger } from "@app/lib/logger";
 
 // Update with your config settings. .
 dotenv.config({
@@ -14,8 +13,6 @@ dotenv.config({
   path: path.join(__dirname, "../../../.env")
 });
 
-initLogger();
-
 export default {
   development: {
     client: "postgres",

backend/src/db/migrations/20250710022434_add-index-for-access-token.ts

@@ -1,46 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-const MIGRATION_TIMEOUT = 30 * 60 * 1000; // 30 minutes
-
-export async function up(knex: Knex): Promise<void> {
-  const result = await knex.raw("SHOW statement_timeout");
-  const originalTimeout = result.rows[0].statement_timeout;
-
-  try {
-    await knex.raw(`SET statement_timeout = ${MIGRATION_TIMEOUT}`);
-
-    // iat means IdentityAccessToken
-    await knex.raw(`
-          CREATE INDEX IF NOT EXISTS idx_iat_identity_id 
-          ON ${TableName.IdentityAccessToken} ("identityId")
-        `);
-
-    await knex.raw(`
-          CREATE INDEX IF NOT EXISTS idx_iat_ua_client_secret_id 
-          ON ${TableName.IdentityAccessToken} ("identityUAClientSecretId")
-        `);
-  } finally {
-    await knex.raw(`SET statement_timeout = '${originalTimeout}'`);
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  const result = await knex.raw("SHOW statement_timeout");
-  const originalTimeout = result.rows[0].statement_timeout;
-
-  try {
-    await knex.raw(`SET statement_timeout = ${MIGRATION_TIMEOUT}`);
-
-    await knex.raw(`
-          DROP INDEX IF EXISTS idx_iat_identity_id
-        `);
-
-    await knex.raw(`
-          DROP INDEX IF EXISTS idx_iat_ua_client_secret_id
-        `);
-  } finally {
-    await knex.raw(`SET statement_timeout = '${originalTimeout}'`);
-  }
-}

backend/src/db/migrations/20250710115149_required-path-on-approval-policies.ts

@@ -1,55 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "../schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  const existingSecretApprovalPolicies = await knex(TableName.SecretApprovalPolicy)
-    .whereNull("secretPath")
-    .orWhere("secretPath", "");
-
-  const existingAccessApprovalPolicies = await knex(TableName.AccessApprovalPolicy)
-    .whereNull("secretPath")
-    .orWhere("secretPath", "");
-
-  // update all the secret approval policies secretPath to be "/**"
-  if (existingSecretApprovalPolicies.length) {
-    await knex(TableName.SecretApprovalPolicy)
-      .whereIn(
-        "id",
-        existingSecretApprovalPolicies.map((el) => el.id)
-      )
-      .update({
-        secretPath: "/**"
-      });
-  }
-
-  // update all the access approval policies secretPath to be "/**"
-  if (existingAccessApprovalPolicies.length) {
-    await knex(TableName.AccessApprovalPolicy)
-      .whereIn(
-        "id",
-        existingAccessApprovalPolicies.map((el) => el.id)
-      )
-      .update({
-        secretPath: "/**"
-      });
-  }
-
-  await knex.schema.alterTable(TableName.SecretApprovalPolicy, (table) => {
-    table.string("secretPath").notNullable().alter();
-  });
-
-  await knex.schema.alterTable(TableName.AccessApprovalPolicy, (table) => {
-    table.string("secretPath").notNullable().alter();
-  });
-}
-
-export async function down(knex: Knex): Promise<void> {
-  await knex.schema.alterTable(TableName.SecretApprovalPolicy, (table) => {
-    table.string("secretPath").nullable().alter();
-  });
-
-  await knex.schema.alterTable(TableName.AccessApprovalPolicy, (table) => {
-    table.string("secretPath").nullable().alter();
-  });
-}

backend/src/db/migrations/20250710153448_adjust-approval-request-user-cols.ts

@@ -1,35 +0,0 @@
-import { Knex } from "knex";
-
-import { TableName } from "@app/db/schemas";
-
-export async function up(knex: Knex): Promise<void> {
-  const hasCommitterCol = await knex.schema.hasColumn(TableName.SecretApprovalRequest, "committerUserId");
-
-  if (hasCommitterCol) {
-    await knex.schema.alterTable(TableName.SecretApprovalRequest, (tb) => {
-      tb.uuid("committerUserId").nullable().alter();
-    });
-  }
-
-  const hasRequesterCol = await knex.schema.hasColumn(TableName.AccessApprovalRequest, "requestedByUserId");
-
-  if (hasRequesterCol) {
-    await knex.schema.alterTable(TableName.AccessApprovalRequest, (tb) => {
-      tb.dropForeign("requestedByUserId");
-      tb.foreign("requestedByUserId").references("id").inTable(TableName.Users).onDelete("CASCADE");
-    });
-  }
-}
-
-export async function down(knex: Knex): Promise<void> {
-  // can't undo committer nullable
-
-  const hasRequesterCol = await knex.schema.hasColumn(TableName.AccessApprovalRequest, "requestedByUserId");
-
-  if (hasRequesterCol) {
-    await knex.schema.alterTable(TableName.AccessApprovalRequest, (tb) => {
-      tb.dropForeign("requestedByUserId");
-      tb.foreign("requestedByUserId").references("id").inTable(TableName.Users).onDelete("SET NULL");
-    });
-  }
-}

backend/src/db/migrations/20250711005900_github-app-connection-to-environments.ts

@@ -1,66 +0,0 @@
-import { Knex } from "knex";
-
-import { inMemoryKeyStore } from "@app/keystore/memory";
-import { selectAllTableCols } from "@app/lib/knex";
-
-import { TableName } from "../schemas";
-import { getMigrationEnvConfig } from "./utils/env-config";
-import { getMigrationEncryptionServices } from "./utils/services";
-
-export async function up(knex: Knex) {
-  const existingSuperAdminsWithGithubConnection = await knex(TableName.SuperAdmin)
-    .select(selectAllTableCols(TableName.SuperAdmin))
-    .whereNotNull(`${TableName.SuperAdmin}.encryptedGitHubAppConnectionClientId`);
-
-  const envConfig = getMigrationEnvConfig();
-  const keyStore = inMemoryKeyStore();
-  const { kmsService } = await getMigrationEncryptionServices({ envConfig, keyStore, db: knex });
-
-  const decryptor = kmsService.decryptWithRootKey();
-  const encryptor = kmsService.encryptWithRootKey();
-
-  const tasks = existingSuperAdminsWithGithubConnection.map(async (admin) => {
-    const overrides = (
-      admin.encryptedEnvOverrides ? JSON.parse(decryptor(Buffer.from(admin.encryptedEnvOverrides)).toString()) : {}
-    ) as Record<string, string>;
-
-    if (admin.encryptedGitHubAppConnectionClientId) {
-      overrides.INF_APP_CONNECTION_GITHUB_APP_CLIENT_ID = decryptor(
-        admin.encryptedGitHubAppConnectionClientId
-      ).toString();
-    }
-
-    if (admin.encryptedGitHubAppConnectionClientSecret) {
-      overrides.INF_APP_CONNECTION_GITHUB_APP_CLIENT_SECRET = decryptor(
-        admin.encryptedGitHubAppConnectionClientSecret
-      ).toString();
-    }
-
-    if (admin.encryptedGitHubAppConnectionPrivateKey) {
-      overrides.INF_APP_CONNECTION_GITHUB_APP_PRIVATE_KEY = decryptor(
-        admin.encryptedGitHubAppConnectionPrivateKey
-      ).toString();
-    }
-
-    if (admin.encryptedGitHubAppConnectionSlug) {
-      overrides.INF_APP_CONNECTION_GITHUB_APP_SLUG = decryptor(admin.encryptedGitHubAppConnectionSlug).toString();
-    }
-
-    if (admin.encryptedGitHubAppConnectionId) {
-      overrides.INF_APP_CONNECTION_GITHUB_APP_ID = decryptor(admin.encryptedGitHubAppConnectionId).toString();
-    }
-
-    const encryptedEnvOverrides = encryptor(Buffer.from(JSON.stringify(overrides)));
-
-    await knex(TableName.SuperAdmin).where({ id: admin.id }).update({
-      encryptedEnvOverrides
-    });
-  });
-
-  await Promise.all(tasks);
-}
-
-export async function down() {
-  // No down migration needed as this migration is only for data transformation
-  // and does not change the schema.
-}

backend/src/db/schemas/access-approval-policies-approvers.ts

@@ -14,8 +14,8 @@ export const AccessApprovalPoliciesApproversSchema = z.object({
   updatedAt: z.date(),
   approverUserId: z.string().uuid().nullable().optional(),
   approverGroupId: z.string().uuid().nullable().optional(),
-  sequence: z.number().default(1).nullable().optional(),
+  sequence: z.number().default(0).nullable().optional(),
-  approvalsRequired: z.number().nullable().optional()
+  approvalsRequired: z.number().default(1).nullable().optional()
 });
 
 export type TAccessApprovalPoliciesApprovers = z.infer<typeof AccessApprovalPoliciesApproversSchema>;

backend/src/db/schemas/access-approval-policies.ts

@@ -11,7 +11,7 @@ export const AccessApprovalPoliciesSchema = z.object({
   id: z.string().uuid(),
   name: z.string(),
   approvals: z.number().default(1),
-  secretPath: z.string(),
+  secretPath: z.string().nullable().optional(),
   envId: z.string().uuid(),
   createdAt: z.date(),
   updatedAt: z.date(),

backend/src/db/schemas/certificate-authorities.ts

@@ -12,8 +12,8 @@ export const CertificateAuthoritiesSchema = z.object({
   createdAt: z.date(),
   updatedAt: z.date(),
   projectId: z.string(),
-  status: z.string(),
   enableDirectIssuance: z.boolean().default(true),
+  status: z.string(),
   name: z.string()
 });
 

backend/src/db/schemas/certificates.ts

@@ -25,8 +25,8 @@ export const CertificatesSchema = z.object({
   certificateTemplateId: z.string().uuid().nullable().optional(),
   keyUsages: z.string().array().nullable().optional(),
   extendedKeyUsages: z.string().array().nullable().optional(),
-  projectId: z.string(),
+  pkiSubscriberId: z.string().uuid().nullable().optional(),
-  pkiSubscriberId: z.string().uuid().nullable().optional()
+  projectId: z.string()
 });
 
 export type TCertificates = z.infer<typeof CertificatesSchema>;

backend/src/db/schemas/secret-approval-policies.ts

@@ -10,7 +10,7 @@ import { TImmutableDBKeys } from "./models";
 export const SecretApprovalPoliciesSchema = z.object({
   id: z.string().uuid(),
   name: z.string(),
-  secretPath: z.string(),
+  secretPath: z.string().nullable().optional(),
   approvals: z.number().default(1),
   envId: z.string().uuid(),
   createdAt: z.date(),

backend/src/db/schemas/secret-approval-requests.ts

@@ -18,7 +18,7 @@ export const SecretApprovalRequestsSchema = z.object({
   createdAt: z.date(),
   updatedAt: z.date(),
   isReplicated: z.boolean().nullable().optional(),
-  committerUserId: z.string().uuid().nullable().optional(),
+  committerUserId: z.string().uuid(),
   statusChangedByUserId: z.string().uuid().nullable().optional(),
   bypassReason: z.string().nullable().optional()
 });

backend/src/ee/routes/v1/access-approval-policy-router.ts

@@ -2,7 +2,6 @@ import { nanoid } from "nanoid";
 import { z } from "zod";
 
 import { ApproverType, BypasserType } from "@app/ee/services/access-approval-policy/access-approval-policy-types";
-import { removeTrailingSlash } from "@app/lib/fn";
 import { EnforcementLevel } from "@app/lib/types";
 import { readLimit, writeLimit } from "@app/server/config/rateLimiter";
 import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
@@ -20,7 +19,7 @@ export const registerAccessApprovalPolicyRouter = async (server: FastifyZodProvi
       body: z.object({
         projectSlug: z.string().trim(),
         name: z.string().optional(),
-        secretPath: z.string().trim().min(1, { message: "Secret path cannot be empty" }).transform(removeTrailingSlash),
+        secretPath: z.string().trim().default("/"),
         environment: z.string(),
         approvers: z
           .discriminatedUnion("type", [
@@ -175,9 +174,8 @@ export const registerAccessApprovalPolicyRouter = async (server: FastifyZodProvi
         secretPath: z
           .string()
           .trim()
-          .min(1, { message: "Secret path cannot be empty" })
           .optional()
-          .transform((val) => (val ? removeTrailingSlash(val) : val)),
+          .transform((val) => (val === "" ? "/" : val)),
         approvers: z
           .discriminatedUnion("type", [
             z.object({

backend/src/ee/routes/v1/secret-approval-policy-router.ts

@@ -23,8 +23,10 @@ export const registerSecretApprovalPolicyRouter = async (server: FastifyZodProvi
         environment: z.string(),
         secretPath: z
           .string()
-          .min(1, { message: "Secret path cannot be empty" })
+          .optional()
-          .transform((val) => removeTrailingSlash(val)),
+          .nullable()
+          .default("/")
+          .transform((val) => (val ? removeTrailingSlash(val) : val)),
         approvers: z
           .discriminatedUnion("type", [
             z.object({ type: z.literal(ApproverType.Group), id: z.string() }),
@@ -98,10 +100,10 @@ export const registerSecretApprovalPolicyRouter = async (server: FastifyZodProvi
         approvals: z.number().min(1).default(1),
         secretPath: z
           .string()
-          .trim()
-          .min(1, { message: "Secret path cannot be empty" })
           .optional()
-          .transform((val) => (val ? removeTrailingSlash(val) : undefined)),
+          .nullable()
+          .transform((val) => (val ? removeTrailingSlash(val) : val))
+          .transform((val) => (val === "" ? "/" : val)),
         enforcementLevel: z.nativeEnum(EnforcementLevel).optional(),
         allowedSelfApprovals: z.boolean().default(true)
       }),

backend/src/ee/routes/v1/secret-approval-request-router.ts

@@ -58,7 +58,7 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
               deletedAt: z.date().nullish(),
               allowedSelfApprovals: z.boolean()
             }),
-            committerUser: approvalRequestUser.nullish(),
+            committerUser: approvalRequestUser,
             commits: z.object({ op: z.string(), secretId: z.string().nullable().optional() }).array(),
             environment: z.string(),
             reviewers: z.object({ userId: z.string(), status: z.string() }).array(),
@@ -141,8 +141,7 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
     },
     onRequest: verifyAuth([AuthMode.JWT]),
     handler: async (req) => {
-      const { approval, projectId, secretMutationEvents } =
+      const { approval } = await server.services.secretApprovalRequest.mergeSecretApprovalRequest({
-        await server.services.secretApprovalRequest.mergeSecretApprovalRequest({
         actorId: req.permission.id,
         actor: req.permission.type,
         actorAuthMethod: req.permission.authMethod,
@@ -150,30 +149,6 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
         approvalId: req.params.id,
         bypassReason: req.body.bypassReason
       });
-
-      await server.services.auditLog.createAuditLog({
-        ...req.auditLogInfo,
-        orgId: req.permission.orgId,
-        projectId,
-        event: {
-          type: EventType.SECRET_APPROVAL_MERGED,
-          metadata: {
-            mergedBy: req.permission.id,
-            secretApprovalRequestSlug: approval.slug,
-            secretApprovalRequestId: approval.id
-          }
-        }
-      });
-
-      for await (const event of secretMutationEvents) {
-        await server.services.auditLog.createAuditLog({
-          ...req.auditLogInfo,
-          orgId: req.permission.orgId,
-          projectId,
-          event
-        });
-      }
-
       return { approval };
     }
   });
@@ -308,7 +283,7 @@ export const registerSecretApprovalRequestRouter = async (server: FastifyZodProv
               }),
               environment: z.string(),
               statusChangedByUser: approvalRequestUser.optional(),
-              committerUser: approvalRequestUser.nullish(),
+              committerUser: approvalRequestUser,
               reviewers: approvalRequestUser.extend({ status: z.string(), comment: z.string().optional() }).array(),
               secretPath: z.string(),
               commits: secretRawSchema

backend/src/ee/services/access-approval-policy/access-approval-policy-dal.ts

@@ -53,7 +53,7 @@ export interface TAccessApprovalPolicyDALFactory
       envId: string;
       enforcementLevel: string;
       allowedSelfApprovals: boolean;
-      secretPath: string;
+      secretPath?: string | null | undefined;
       deletedAt?: Date | null | undefined;
       environment: {
         id: string;
@@ -93,7 +93,7 @@ export interface TAccessApprovalPolicyDALFactory
         envId: string;
         enforcementLevel: string;
         allowedSelfApprovals: boolean;
-        secretPath: string;
+        secretPath?: string | null | undefined;
         deletedAt?: Date | null | undefined;
         environment: {
           id: string;
@@ -116,7 +116,7 @@ export interface TAccessApprovalPolicyDALFactory
     envId: string;
     enforcementLevel: string;
     allowedSelfApprovals: boolean;
-    secretPath: string;
+    secretPath?: string | null | undefined;
     deletedAt?: Date | null | undefined;
   }>;
   findLastValidPolicy: (
@@ -138,7 +138,7 @@ export interface TAccessApprovalPolicyDALFactory
         envId: string;
         enforcementLevel: string;
         allowedSelfApprovals: boolean;
-        secretPath: string;
+        secretPath?: string | null | undefined;
         deletedAt?: Date | null | undefined;
       }
     | undefined
@@ -190,7 +190,7 @@ export interface TAccessApprovalPolicyServiceFactory {
     envId: string;
     enforcementLevel: string;
     allowedSelfApprovals: boolean;
-    secretPath: string;
+    secretPath?: string | null | undefined;
     deletedAt?: Date | null | undefined;
   }>;
   deleteAccessApprovalPolicy: ({
@@ -214,7 +214,7 @@ export interface TAccessApprovalPolicyServiceFactory {
     envId: string;
     enforcementLevel: string;
     allowedSelfApprovals: boolean;
-    secretPath: string;
+    secretPath?: string | null | undefined;
     deletedAt?: Date | null | undefined;
     environment: {
       id: string;
@@ -252,7 +252,7 @@ export interface TAccessApprovalPolicyServiceFactory {
     envId: string;
     enforcementLevel: string;
     allowedSelfApprovals: boolean;
-    secretPath: string;
+    secretPath?: string | null | undefined;
     deletedAt?: Date | null | undefined;
   }>;
   getAccessApprovalPolicyByProjectSlug: ({
@@ -286,7 +286,7 @@ export interface TAccessApprovalPolicyServiceFactory {
       envId: string;
       enforcementLevel: string;
       allowedSelfApprovals: boolean;
-      secretPath: string;
+      secretPath?: string | null | undefined;
       deletedAt?: Date | null | undefined;
       environment: {
         id: string;
@@ -337,7 +337,7 @@ export interface TAccessApprovalPolicyServiceFactory {
     envId: string;
     enforcementLevel: string;
     allowedSelfApprovals: boolean;
-    secretPath: string;
+    secretPath?: string | null | undefined;
     deletedAt?: Date | null | undefined;
     environment: {
       id: string;

backend/src/ee/services/access-approval-policy/access-approval-policy-service.ts

@@ -60,26 +60,6 @@ export const accessApprovalPolicyServiceFactory = ({
   accessApprovalRequestReviewerDAL,
   orgMembershipDAL
 }: TAccessApprovalPolicyServiceFactoryDep): TAccessApprovalPolicyServiceFactory => {
-  const $policyExists = async ({
-    envId,
-    secretPath,
-    policyId
-  }: {
-    envId: string;
-    secretPath: string;
-    policyId?: string;
-  }) => {
-    const policy = await accessApprovalPolicyDAL
-      .findOne({
-        envId,
-        secretPath,
-        deletedAt: null
-      })
-      .catch(() => null);
-
-    return policyId ? policy && policy.id !== policyId : Boolean(policy);
-  };
-
   const createAccessApprovalPolicy: TAccessApprovalPolicyServiceFactory["createAccessApprovalPolicy"] = async ({
     name,
     actor,
@@ -126,12 +106,6 @@ export const accessApprovalPolicyServiceFactory = ({
     const env = await projectEnvDAL.findOne({ slug: environment, projectId: project.id });
     if (!env) throw new NotFoundError({ message: `Environment with slug '${environment}' not found` });
 
-    if (await $policyExists({ envId: env.id, secretPath })) {
-      throw new BadRequestError({
-        message: `A policy for secret path '${secretPath}' already exists in environment '${environment}'`
-      });
-    }
-
     let approverUserIds = userApprovers;
     if (userApproverNames.length) {
       const approverUsersInDB = await userDAL.find({
@@ -305,11 +279,7 @@ export const accessApprovalPolicyServiceFactory = ({
     ) as { username: string; sequence?: number }[];
 
     const accessApprovalPolicy = await accessApprovalPolicyDAL.findById(policyId);
-    if (!accessApprovalPolicy) {
+    if (!accessApprovalPolicy) throw new BadRequestError({ message: "Approval policy not found" });
-      throw new NotFoundError({
-        message: `Access approval policy with ID '${policyId}' not found`
-      });
-    }
 
     const currentApprovals = approvals || accessApprovalPolicy.approvals;
     if (
@@ -320,18 +290,9 @@ export const accessApprovalPolicyServiceFactory = ({
       throw new BadRequestError({ message: "Approvals cannot be greater than approvers" });
     }
 
-    if (
+    if (!accessApprovalPolicy) {
-      await $policyExists({
+      throw new NotFoundError({ message: `Secret approval policy with ID '${policyId}' not found` });
-        envId: accessApprovalPolicy.envId,
-        secretPath: secretPath || accessApprovalPolicy.secretPath,
-        policyId: accessApprovalPolicy.id
-      })
-    ) {
-      throw new BadRequestError({
-        message: `A policy for secret path '${secretPath}' already exists in environment '${accessApprovalPolicy.environment.slug}'`
-      });
     }
-
     const { permission } = await permissionService.getProjectPermission({
       actor,
       actorId,

backend/src/ee/services/access-approval-policy/access-approval-policy-types.ts

@@ -122,7 +122,7 @@ export interface TAccessApprovalPolicyServiceFactory {
     envId: string;
     enforcementLevel: string;
     allowedSelfApprovals: boolean;
-    secretPath: string;
+    secretPath?: string | null | undefined;
     deletedAt?: Date | null | undefined;
   }>;
   deleteAccessApprovalPolicy: ({
@@ -146,7 +146,7 @@ export interface TAccessApprovalPolicyServiceFactory {
     envId: string;
     enforcementLevel: string;
     allowedSelfApprovals: boolean;
-    secretPath: string;
+    secretPath?: string | null | undefined;
     deletedAt?: Date | null | undefined;
     environment: {
       id: string;
@@ -218,7 +218,7 @@ export interface TAccessApprovalPolicyServiceFactory {
       envId: string;
       enforcementLevel: string;
       allowedSelfApprovals: boolean;
-      secretPath: string;
+      secretPath?: string | null | undefined;
       deletedAt?: Date | null | undefined;
       environment: {
         id: string;
@@ -269,7 +269,7 @@ export interface TAccessApprovalPolicyServiceFactory {
     envId: string;
     enforcementLevel: string;
     allowedSelfApprovals: boolean;
-    secretPath: string;
+    secretPath?: string | null | undefined;
     deletedAt?: Date | null | undefined;
     environment: {
       id: string;

backend/src/ee/services/audit-log/audit-log-types.ts

@@ -116,15 +116,6 @@ interface BaseAuthData {
   userAgentType?: UserAgentType;
 }
 
-export enum SecretApprovalEvent {
-  Create = "create",
-  Update = "update",
-  Delete = "delete",
-  CreateMany = "create-many",
-  UpdateMany = "update-many",
-  DeleteMany = "delete-many"
-}
-
 export enum UserAgentType {
   WEB = "web",
   CLI = "cli",
@@ -1711,20 +1702,9 @@ interface SecretApprovalReopened {
 interface SecretApprovalRequest {
   type: EventType.SECRET_APPROVAL_REQUEST;
   metadata: {
-    committedBy?: string | null;
+    committedBy: string;
     secretApprovalRequestSlug: string;
     secretApprovalRequestId: string;
-    eventType: SecretApprovalEvent;
-    secretKey?: string;
-    secretId?: string;
-    secrets?: {
-      secretKey?: string;
-      secretId?: string;
-      environment?: string;
-      secretPath?: string;
-    }[];
-    environment: string;
-    secretPath: string;
   };
 }
 

backend/src/ee/services/dynamic-secret/providers/aws-iam.ts

@@ -21,7 +21,7 @@ import { randomUUID } from "crypto";
 import { z } from "zod";
 
 import { getConfig } from "@app/lib/config/env";
-import { BadRequestError, UnauthorizedError } from "@app/lib/errors";
+import { BadRequestError } from "@app/lib/errors";
 import { alphaNumericNanoId } from "@app/lib/nanoid";
 
 import { AwsIamAuthType, DynamicSecretAwsIamSchema, TDynamicProviderFns } from "./models";
@@ -81,21 +81,6 @@ export const AwsIamProvider = (): TDynamicProviderFns => {
       return client;
     }
 
-    if (providerInputs.method === AwsIamAuthType.IRSA) {
-      // Allow instances to disable automatic service account token fetching (e.g. for shared cloud)
-      if (!appCfg.KUBERNETES_AUTO_FETCH_SERVICE_ACCOUNT_TOKEN) {
-        throw new UnauthorizedError({
-          message: "Failed to get AWS credentials via IRSA: KUBERNETES_AUTO_FETCH_SERVICE_ACCOUNT_TOKEN is not enabled."
-        });
-      }
-
-      // The SDK will automatically pick up credentials from the environment
-      const client = new IAMClient({
-        region: providerInputs.region
-      });
-      return client;
-    }
-
     const client = new IAMClient({
       region: providerInputs.region,
       credentials: {
@@ -116,7 +101,7 @@ export const AwsIamProvider = (): TDynamicProviderFns => {
       .catch((err) => {
         const message = (err as Error)?.message;
         if (
-          (providerInputs.method === AwsIamAuthType.AssumeRole || providerInputs.method === AwsIamAuthType.IRSA) &&
+          providerInputs.method === AwsIamAuthType.AssumeRole &&
           // assume role will throw an error asking to provider username, but if so this has access in aws correctly
           message.includes("Must specify userName when calling with non-User credentials")
         ) {

backend/src/ee/services/dynamic-secret/providers/models.ts

@@ -28,8 +28,7 @@ export enum SqlProviders {
 
 export enum AwsIamAuthType {
   AssumeRole = "assume-role",
-  AccessKey = "access-key",
+  AccessKey = "access-key"
-  IRSA = "irsa"
 }
 
 export enum ElasticSearchAuthTypes {
@@ -222,16 +221,6 @@ export const DynamicSecretAwsIamSchema = z.preprocess(
       userGroups: z.string().trim().optional(),
       policyArns: z.string().trim().optional(),
       tags: ResourceMetadataSchema.optional()
-    }),
-    z.object({
-      method: z.literal(AwsIamAuthType.IRSA),
-      region: z.string().trim().min(1),
-      awsPath: z.string().trim().optional(),
-      permissionBoundaryPolicyArn: z.string().trim().optional(),
-      policyDocument: z.string().trim().optional(),
-      userGroups: z.string().trim().optional(),
-      policyArns: z.string().trim().optional(),
-      tags: ResourceMetadataSchema.optional()
     })
   ])
 );

backend/src/ee/services/ldap-config/ldap-config-service.ts

@@ -361,6 +361,13 @@ export const ldapConfigServiceFactory = ({
       });
     } else {
       const plan = await licenseService.getPlan(orgId);
+      if (plan?.slug !== "enterprise" && plan?.memberLimit && plan.membersUsed >= plan.memberLimit) {
+        // limit imposed on number of members allowed / number of members used exceeds the number of members allowed
+        throw new BadRequestError({
+          message: "Failed to create new member via LDAP due to member limit reached. Upgrade plan to add more members."
+        });
+      }
+
       if (plan?.slug !== "enterprise" && plan?.identityLimit && plan.identitiesUsed >= plan.identityLimit) {
         // limit imposed on number of identities allowed / number of identities used exceeds the number of identities allowed
         throw new BadRequestError({

backend/src/ee/services/license/licence-enums.ts

@@ -1,4 +1,5 @@
 export const BillingPlanRows = {
+  MemberLimit: { name: "Organization member limit", field: "memberLimit" },
   IdentityLimit: { name: "Organization identity limit", field: "identityLimit" },
   WorkspaceLimit: { name: "Project limit", field: "workspaceLimit" },
   EnvironmentLimit: { name: "Environment limit", field: "environmentLimit" },

backend/src/ee/services/license/license-service.ts

@@ -442,7 +442,9 @@ export const licenseServiceFactory = ({
         rows: data.rows.map((el) => {
           let used = "-";
 
-          if (el.name === BillingPlanRows.WorkspaceLimit.name) {
+          if (el.name === BillingPlanRows.MemberLimit.name) {
+            used = orgMembersUsed.toString();
+          } else if (el.name === BillingPlanRows.WorkspaceLimit.name) {
             used = projectCount.toString();
           } else if (el.name === BillingPlanRows.IdentityLimit.name) {
             used = (identityUsed + orgMembersUsed).toString();
@@ -462,10 +464,12 @@ export const licenseServiceFactory = ({
         const allowed = onPremFeatures[field as keyof TFeatureSet];
         let used = "-";
 
-        if (field === BillingPlanRows.WorkspaceLimit.field) {
+        if (field === BillingPlanRows.MemberLimit.field) {
+          used = orgMembersUsed.toString();
+        } else if (field === BillingPlanRows.WorkspaceLimit.field) {
           used = projectCount.toString();
         } else if (field === BillingPlanRows.IdentityLimit.field) {
-          used = (identityUsed + orgMembersUsed).toString();
+          used = identityUsed.toString();
         }
 
         return {

backend/src/ee/services/saml-config/saml-config-service.ts

@@ -311,6 +311,13 @@ export const samlConfigServiceFactory = ({
       });
     } else {
       const plan = await licenseService.getPlan(orgId);
+      if (plan?.slug !== "enterprise" && plan?.memberLimit && plan.membersUsed >= plan.memberLimit) {
+        // limit imposed on number of members allowed / number of members used exceeds the number of members allowed
+        throw new BadRequestError({
+          message: "Failed to create new member via SAML due to member limit reached. Upgrade plan to add more members."
+        });
+      }
+
       if (plan?.slug !== "enterprise" && plan?.identityLimit && plan.identitiesUsed >= plan.identityLimit) {
         // limit imposed on number of identities allowed / number of identities used exceeds the number of identities allowed
         throw new BadRequestError({

backend/src/ee/services/secret-approval-policy/secret-approval-policy-service.ts

@@ -55,26 +55,6 @@ export const secretApprovalPolicyServiceFactory = ({
   licenseService,
   secretApprovalRequestDAL
 }: TSecretApprovalPolicyServiceFactoryDep) => {
-  const $policyExists = async ({
-    envId,
-    secretPath,
-    policyId
-  }: {
-    envId: string;
-    secretPath: string;
-    policyId?: string;
-  }) => {
-    const policy = await secretApprovalPolicyDAL
-      .findOne({
-        envId,
-        secretPath,
-        deletedAt: null
-      })
-      .catch(() => null);
-
-    return policyId ? policy && policy.id !== policyId : Boolean(policy);
-  };
-
   const createSecretApprovalPolicy = async ({
     name,
     actor,
@@ -126,17 +106,10 @@ export const secretApprovalPolicyServiceFactory = ({
     }
 
     const env = await projectEnvDAL.findOne({ slug: environment, projectId });
-    if (!env) {
+    if (!env)
       throw new NotFoundError({
         message: `Environment with slug '${environment}' not found in project with ID ${projectId}`
       });
-    }
-
-    if (await $policyExists({ envId: env.id, secretPath })) {
-      throw new BadRequestError({
-        message: `A policy for secret path '${secretPath}' already exists in environment '${environment}'`
-      });
-    }
 
     let groupBypassers: string[] = [];
     let bypasserUserIds: string[] = [];
@@ -287,18 +260,6 @@ export const secretApprovalPolicyServiceFactory = ({
       });
     }
 
-    if (
-      await $policyExists({
-        envId: secretApprovalPolicy.envId,
-        secretPath: secretPath || secretApprovalPolicy.secretPath,
-        policyId: secretApprovalPolicy.id
-      })
-    ) {
-      throw new BadRequestError({
-        message: `A policy for secret path '${secretPath}' already exists in environment '${secretApprovalPolicy.environment.slug}'`
-      });
-    }
-
     const { permission } = await permissionService.getProjectPermission({
       actor,
       actorId,

backend/src/ee/services/secret-approval-policy/secret-approval-policy-types.ts

@@ -4,7 +4,7 @@ import { ApproverType, BypasserType } from "../access-approval-policy/access-app
 
 export type TCreateSapDTO = {
   approvals: number;
-  secretPath: string;
+  secretPath?: string | null;
   environment: string;
   approvers: ({ type: ApproverType.Group; id: string } | { type: ApproverType.User; id?: string; username?: string })[];
   bypassers?: (
@@ -20,7 +20,7 @@ export type TCreateSapDTO = {
 export type TUpdateSapDTO = {
   secretPolicyId: string;
   approvals?: number;
-  secretPath?: string;
+  secretPath?: string | null;
   approvers: ({ type: ApproverType.Group; id: string } | { type: ApproverType.User; id?: string; username?: string })[];
   bypassers?: (
     | { type: BypasserType.Group; id: string }

backend/src/ee/services/secret-approval-request/secret-approval-request-dal.ts

@@ -45,7 +45,7 @@ export const secretApprovalRequestDALFactory = (db: TDbClient) => {
         `${TableName.SecretApprovalRequest}.statusChangedByUserId`,
         `statusChangedByUser.id`
       )
-      .leftJoin<TUsers>(
+      .join<TUsers>(
         db(TableName.Users).as("committerUser"),
         `${TableName.SecretApprovalRequest}.committerUserId`,
         `committerUser.id`
@@ -173,15 +173,13 @@ export const secretApprovalRequestDALFactory = (db: TDbClient) => {
                 username: el.statusChangedByUserUsername
               }
             : undefined,
-          committerUser: el.committerUserId
+          committerUser: {
-            ? {
             userId: el.committerUserId,
             email: el.committerUserEmail,
             firstName: el.committerUserFirstName,
             lastName: el.committerUserLastName,
             username: el.committerUserUsername
-              }
+          },
-            : null,
           policy: {
             id: el.policyId,
             name: el.policyName,
@@ -379,7 +377,7 @@ export const secretApprovalRequestDALFactory = (db: TDbClient) => {
           `${TableName.SecretApprovalPolicyBypasser}.bypasserGroupId`,
           `bypasserUserGroupMembership.groupId`
         )
-        .leftJoin<TUsers>(
+        .join<TUsers>(
           db(TableName.Users).as("committerUser"),
           `${TableName.SecretApprovalRequest}.committerUserId`,
           `committerUser.id`
@@ -490,15 +488,13 @@ export const secretApprovalRequestDALFactory = (db: TDbClient) => {
             enforcementLevel: el.policyEnforcementLevel,
             allowedSelfApprovals: el.policyAllowedSelfApprovals
           },
-          committerUser: el.committerUserId
+          committerUser: {
-            ? {
             userId: el.committerUserId,
             email: el.committerUserEmail,
             firstName: el.committerUserFirstName,
             lastName: el.committerUserLastName,
             username: el.committerUserUsername
           }
-            : null
         }),
         childrenMapper: [
           {
@@ -585,7 +581,7 @@ export const secretApprovalRequestDALFactory = (db: TDbClient) => {
           `${TableName.SecretApprovalPolicyBypasser}.bypasserGroupId`,
           `bypasserUserGroupMembership.groupId`
         )
-        .leftJoin<TUsers>(
+        .join<TUsers>(
           db(TableName.Users).as("committerUser"),
           `${TableName.SecretApprovalRequest}.committerUserId`,
           `committerUser.id`
@@ -697,15 +693,13 @@ export const secretApprovalRequestDALFactory = (db: TDbClient) => {
             enforcementLevel: el.policyEnforcementLevel,
             allowedSelfApprovals: el.policyAllowedSelfApprovals
           },
-          committerUser: el.committerUserId
+          committerUser: {
-            ? {
             userId: el.committerUserId,
             email: el.committerUserEmail,
             firstName: el.committerUserFirstName,
             lastName: el.committerUserLastName,
             username: el.committerUserUsername
           }
-            : null
         }),
         childrenMapper: [
           {

backend/src/ee/services/secret-approval-request/secret-approval-request-service.ts

@@ -10,7 +10,6 @@ import {
   TSecretApprovalRequestsSecretsInsert,
   TSecretApprovalRequestsSecretsV2Insert
 } from "@app/db/schemas";
-import { Event, EventType } from "@app/ee/services/audit-log/audit-log-types";
 import { getConfig } from "@app/lib/config/env";
 import { decryptSymmetric128BitHexKeyUTF8 } from "@app/lib/crypto";
 import { BadRequestError, ForbiddenRequestError, NotFoundError } from "@app/lib/errors";
@@ -524,7 +523,7 @@ export const secretApprovalRequestServiceFactory = ({
       });
     }
 
-    const { policy, folderId, projectId, bypassers, environment } = secretApprovalRequest;
+    const { policy, folderId, projectId, bypassers } = secretApprovalRequest;
     if (policy.deletedAt) {
       throw new BadRequestError({
         message: "The policy associated with this secret approval request has been deleted."
@@ -958,112 +957,7 @@ export const secretApprovalRequestServiceFactory = ({
       });
     }
 
-    const { created, updated, deleted } = mergeStatus.secrets;
+    return mergeStatus;
-
-    const secretMutationEvents: Event[] = [];
-
-    if (created.length) {
-      if (created.length > 1) {
-        secretMutationEvents.push({
-          type: EventType.CREATE_SECRETS,
-          metadata: {
-            environment,
-            secretPath: folder.path,
-            secrets: created.map((secret) => ({
-              secretId: secret.id,
-              secretVersion: 1,
-              // @ts-expect-error not present on v1 secrets
-              secretKey: secret.key as string,
-              // @ts-expect-error not present on v1 secrets
-              secretMetadata: secret.secretMetadata as ResourceMetadataDTO
-            }))
-          }
-        });
-      } else {
-        const [secret] = created;
-        secretMutationEvents.push({
-          type: EventType.CREATE_SECRET,
-          metadata: {
-            environment,
-            secretPath: folder.path,
-            secretId: secret.id,
-            secretVersion: 1,
-            // @ts-expect-error not present on v1 secrets
-            secretKey: secret.key as string,
-            // @ts-expect-error not present on v1 secrets
-            secretMetadata: secret.secretMetadata as ResourceMetadataDTO
-          }
-        });
-      }
-    }
-
-    if (updated.length) {
-      if (updated.length > 1) {
-        secretMutationEvents.push({
-          type: EventType.UPDATE_SECRETS,
-          metadata: {
-            environment,
-            secretPath: folder.path,
-            secrets: updated.map((secret) => ({
-              secretId: secret.id,
-              secretVersion: secret.version,
-              // @ts-expect-error not present on v1 secrets
-              secretKey: secret.key as string,
-              // @ts-expect-error not present on v1 secrets
-              secretMetadata: secret.secretMetadata as ResourceMetadataDTO
-            }))
-          }
-        });
-      } else {
-        const [secret] = updated;
-        secretMutationEvents.push({
-          type: EventType.UPDATE_SECRET,
-          metadata: {
-            environment,
-            secretPath: folder.path,
-            secretId: secret.id,
-            secretVersion: secret.version,
-            // @ts-expect-error not present on v1 secrets
-            secretKey: secret.key as string,
-            // @ts-expect-error not present on v1 secrets
-            secretMetadata: secret.secretMetadata as ResourceMetadataDTO
-          }
-        });
-      }
-    }
-
-    if (deleted.length) {
-      if (deleted.length > 1) {
-        secretMutationEvents.push({
-          type: EventType.DELETE_SECRETS,
-          metadata: {
-            environment,
-            secretPath: folder.path,
-            secrets: deleted.map((secret) => ({
-              secretId: secret.id,
-              secretVersion: secret.version,
-              // @ts-expect-error not present on v1 secrets
-              secretKey: secret.key as string
-            }))
-          }
-        });
-      } else {
-        const [secret] = deleted;
-        secretMutationEvents.push({
-          type: EventType.DELETE_SECRET,
-          metadata: {
-            environment,
-            secretPath: folder.path,
-            secretId: secret.id,
-            secretVersion: secret.version,
-            // @ts-expect-error not present on v1 secrets
-            secretKey: secret.key as string
-          }
-        });
-      }
-    }
-
-    return { ...mergeStatus, projectId, secretMutationEvents };
   };
 
   // function to save secret change to secret approval
@@ -1320,7 +1214,7 @@ export const secretApprovalRequestServiceFactory = ({
     });
 
     const env = await projectEnvDAL.findOne({ id: policy.envId });
-    const user = await userDAL.findById(actorId);
+    const user = await userDAL.findById(secretApprovalRequest.committerUserId);
 
     await triggerWorkflowIntegrationNotification({
       input: {
@@ -1657,7 +1551,7 @@ export const secretApprovalRequestServiceFactory = ({
       return { ...doc, commits: approvalCommits };
     });
 
-    const user = await userDAL.findById(actorId);
+    const user = await userDAL.findById(secretApprovalRequest.committerUserId);
     const env = await projectEnvDAL.findOne({ id: policy.envId });
 
     await triggerWorkflowIntegrationNotification({

backend/src/ee/services/secret-scanning-v2/secret-scanning-v2-queue.ts

@@ -37,8 +37,7 @@ import {
   TQueueSecretScanningDataSourceFullScan,
   TQueueSecretScanningResourceDiffScan,
   TQueueSecretScanningSendNotification,
-  TSecretScanningDataSourceWithConnection,
+  TSecretScanningDataSourceWithConnection
-  TSecretScanningFinding
 } from "./secret-scanning-v2-types";
 
 type TSecretRotationV2QueueServiceFactoryDep = {
@@ -460,16 +459,13 @@ export const secretScanningV2QueueServiceFactory = async ({
         const newFindings = allFindings.filter((finding) => finding.scanId === scanId);
 
         if (newFindings.length) {
-          const finding = newFindings[0] as TSecretScanningFinding;
           await queueService.queuePg(QueueJobs.SecretScanningV2SendNotification, {
             status: SecretScanningScanStatus.Completed,
             resourceName: resource.name,
             isDiffScan: true,
             dataSource,
             numberOfSecrets: newFindings.length,
-            scanId,
+            scanId
-            authorName: finding?.details?.author,
-            authorEmail: finding?.details?.email
           });
         }
 
@@ -586,8 +582,8 @@ export const secretScanningV2QueueServiceFactory = async ({
           substitutions:
             payload.status === SecretScanningScanStatus.Completed
               ? {
-                  authorName: payload.authorName,
+                  authorName: "Jim",
-                  authorEmail: payload.authorEmail,
+                  authorEmail: "jim@infisical.com",
                   resourceName,
                   numberOfSecrets: payload.numberOfSecrets,
                   isDiffScan: payload.isDiffScan,

backend/src/ee/services/secret-scanning-v2/secret-scanning-v2-types.ts

@@ -119,14 +119,7 @@ export type TQueueSecretScanningSendNotification = {
   resourceName: string;
 } & (
   | { status: SecretScanningScanStatus.Failed; errorMessage: string }
-  | {
+  | { status: SecretScanningScanStatus.Completed; numberOfSecrets: number; scanId: string; isDiffScan: boolean }
-      status: SecretScanningScanStatus.Completed;
-      numberOfSecrets: number;
-      scanId: string;
-      isDiffScan: boolean;
-      authorName?: string;
-      authorEmail?: string;
-    }
 );
 
 export type TCloneRepository = {

backend/src/lib/api-docs/constants.ts

@@ -2279,9 +2279,6 @@ export const AppConnections = {
     ZABBIX: {
       apiToken: "The API Token used to access Zabbix.",
       instanceUrl: "The Zabbix instance URL to connect with."
-    },
-    RAILWAY: {
-      apiToken: "The API token used to authenticate with Railway."
     }
   }
 };
@@ -2472,22 +2469,11 @@ export const SecretSyncs = {
       projectName: "The name of the Cloudflare Pages project to sync secrets to.",
       environment: "The environment of the Cloudflare Pages project to sync secrets to."
     },
-    CLOUDFLARE_WORKERS: {
-      scriptId: "The ID of the Cloudflare Workers script to sync secrets to."
-    },
     ZABBIX: {
       scope: "The Zabbix scope that secrets should be synced to.",
       hostId: "The ID of the Zabbix host to sync secrets to.",
       hostName: "The name of the Zabbix host to sync secrets to.",
       macroType: "The type of macro to sync secrets to. (0: Text, 1: Secret)"
-    },
-    RAILWAY: {
-      projectId: "The ID of the Railway project to sync secrets to.",
-      projectName: "The name of the Railway project to sync secrets to.",
-      environmentId: "The Railway environment to sync secrets to.",
-      environmentName: "The Railway environment to sync secrets to.",
-      serviceId: "The Railway service that secrets should be synced to.",
-      serviceName: "The Railway service that secrets should be synced to."
     }
   }
 };
@@ -2608,9 +2594,7 @@ export const SecretRotations = {
 
 export const SecretScanningDataSources = {
   LIST: (type?: SecretScanningDataSource) => ({
-    projectId: `The ID of the project to list ${
+    projectId: `The ID of the project to list ${type ? SECRET_SCANNING_DATA_SOURCE_NAME_MAP[type] : "Scanning"} Data Sources from.`
-      type ? SECRET_SCANNING_DATA_SOURCE_NAME_MAP[type] : "Scanning"
-    } Data Sources from.`
   }),
   GET_BY_ID: (type: SecretScanningDataSource) => ({
     dataSourceId: `The ID of the ${SECRET_SCANNING_DATA_SOURCE_NAME_MAP[type]} Data Source to retrieve.`

backend/src/lib/config/env.ts

@@ -28,7 +28,6 @@ const databaseReadReplicaSchema = z
 const envSchema = z
   .object({
     INFISICAL_PLATFORM_VERSION: zpStr(z.string().optional()),
-    KUBERNETES_AUTO_FETCH_SERVICE_ACCOUNT_TOKEN: zodStrBool.default("false"),
     PORT: z.coerce.number().default(IS_PACKAGED ? 8080 : 4000),
     DISABLE_SECRET_SCANNING: z
       .enum(["true", "false"])
@@ -374,19 +373,6 @@ export const overwriteSchema: {
     fields: { key: keyof TEnvConfig; description?: string }[];
   };
 } = {
-  aws: {
-    name: "AWS",
-    fields: [
-      {
-        key: "INF_APP_CONNECTION_AWS_ACCESS_KEY_ID",
-        description: "The Access Key ID of your AWS account."
-      },
-      {
-        key: "INF_APP_CONNECTION_AWS_SECRET_ACCESS_KEY",
-        description: "The Client Secret of your AWS application."
-      }
-    ]
-  },
   azure: {
     name: "Azure",
     fields: [
@@ -400,79 +386,16 @@ export const overwriteSchema: {
       }
     ]
   },
-  gcp: {
+  google_sso: {
-    name: "GCP",
+    name: "Google SSO",
     fields: [
       {
-        key: "INF_APP_CONNECTION_GCP_SERVICE_ACCOUNT_CREDENTIAL",
+        key: "CLIENT_ID_GOOGLE_LOGIN",
-        description: "The GCP Service Account JSON credentials."
+        description: "The Client ID of your GCP OAuth2 application."
-      }
-    ]
-  },
-  github_app: {
-    name: "GitHub App",
-    fields: [
-      {
-        key: "INF_APP_CONNECTION_GITHUB_APP_CLIENT_ID",
-        description: "The Client ID of your GitHub application."
       },
       {
-        key: "INF_APP_CONNECTION_GITHUB_APP_CLIENT_SECRET",
+        key: "CLIENT_SECRET_GOOGLE_LOGIN",
-        description: "The Client Secret of your GitHub application."
+        description: "The Client Secret of your GCP OAuth2 application."
-      },
-      {
-        key: "INF_APP_CONNECTION_GITHUB_APP_SLUG",
-        description: "The Slug of your GitHub application. This is the one found in the URL."
-      },
-      {
-        key: "INF_APP_CONNECTION_GITHUB_APP_ID",
-        description: "The App ID of your GitHub application."
-      },
-      {
-        key: "INF_APP_CONNECTION_GITHUB_APP_PRIVATE_KEY",
-        description: "The Private Key of your GitHub application."
-      }
-    ]
-  },
-  github_oauth: {
-    name: "GitHub OAuth",
-    fields: [
-      {
-        key: "INF_APP_CONNECTION_GITHUB_OAUTH_CLIENT_ID",
-        description: "The Client ID of your GitHub OAuth application."
-      },
-      {
-        key: "INF_APP_CONNECTION_GITHUB_OAUTH_CLIENT_SECRET",
-        description: "The Client Secret of your GitHub OAuth application."
-      }
-    ]
-  },
-  github_radar_app: {
-    name: "GitHub Radar App",
-    fields: [
-      {
-        key: "INF_APP_CONNECTION_GITHUB_RADAR_APP_CLIENT_ID",
-        description: "The Client ID of your GitHub application."
-      },
-      {
-        key: "INF_APP_CONNECTION_GITHUB_RADAR_APP_CLIENT_SECRET",
-        description: "The Client Secret of your GitHub application."
-      },
-      {
-        key: "INF_APP_CONNECTION_GITHUB_RADAR_APP_SLUG",
-        description: "The Slug of your GitHub application. This is the one found in the URL."
-      },
-      {
-        key: "INF_APP_CONNECTION_GITHUB_RADAR_APP_ID",
-        description: "The App ID of your GitHub application."
-      },
-      {
-        key: "INF_APP_CONNECTION_GITHUB_RADAR_APP_PRIVATE_KEY",
-        description: "The Private Key of your GitHub application."
-      },
-      {
-        key: "INF_APP_CONNECTION_GITHUB_RADAR_APP_WEBHOOK_SECRET",
-        description: "The Webhook Secret of your GitHub application."
       }
     ]
   },
@@ -489,19 +412,6 @@ export const overwriteSchema: {
       }
     ]
   },
-  gitlab_oauth: {
-    name: "GitLab OAuth",
-    fields: [
-      {
-        key: "INF_APP_CONNECTION_GITLAB_OAUTH_CLIENT_ID",
-        description: "The Client ID of your GitLab OAuth application."
-      },
-      {
-        key: "INF_APP_CONNECTION_GITLAB_OAUTH_CLIENT_SECRET",
-        description: "The Client Secret of your GitLab OAuth application."
-      }
-    ]
-  },
   gitlab_sso: {
     name: "GitLab SSO",
     fields: [
@@ -519,19 +429,6 @@ export const overwriteSchema: {
           "The URL of your self-hosted instance of GitLab where the OAuth application is registered. If no URL is passed in, this will default to https://gitlab.com."
       }
     ]
-  },
-  google_sso: {
-    name: "Google SSO",
-    fields: [
-      {
-        key: "CLIENT_ID_GOOGLE_LOGIN",
-        description: "The Client ID of your GCP OAuth2 application."
-      },
-      {
-        key: "CLIENT_SECRET_GOOGLE_LOGIN",
-        description: "The Client Secret of your GCP OAuth2 application."
-      }
-    ]
   }
 };
 

backend/src/lib/config/request.ts

@@ -1,18 +1,11 @@
-import axios, { AxiosInstance, CreateAxiosDefaults } from "axios";
+import axios from "axios";
-import axiosRetry, { IAxiosRetryConfig } from "axios-retry";
+import axiosRetry from "axios-retry";
 
-export function createRequestClient(defaults: CreateAxiosDefaults = {}, retry: IAxiosRetryConfig = {}): AxiosInstance {
+export const request = axios.create();
-  const client = axios.create(defaults);
 
-  axiosRetry(client, {
+axiosRetry(request, {
   retries: 3,
   // eslint-disable-next-line
   retryDelay: axiosRetry.exponentialDelay,
-    retryCondition: (err) => axiosRetry.isNetworkError(err) || axiosRetry.isRetryableError(err),
+  retryCondition: (err) => axiosRetry.isNetworkError(err) || axiosRetry.isRetryableError(err)
-    ...retry
 });
-
-  return client;
-}
-
-export const request = createRequestClient();

backend/src/server/routes/v1/admin-router.ts

@@ -49,8 +49,7 @@ export const registerAdminRouter = async (server: FastifyZodProvider) => {
             defaultAuthOrgSlug: z.string().nullable(),
             defaultAuthOrgAuthEnforced: z.boolean().nullish(),
             defaultAuthOrgAuthMethod: z.string().nullish(),
-            isSecretScanningDisabled: z.boolean(),
+            isSecretScanningDisabled: z.boolean()
-            kubernetesAutoFetchServiceAccountToken: z.boolean()
           })
         })
       }
@@ -62,8 +61,7 @@ export const registerAdminRouter = async (server: FastifyZodProvider) => {
         config: {
           ...config,
           isMigrationModeOn: serverEnvs.MAINTENANCE_MODE,
-          isSecretScanningDisabled: serverEnvs.DISABLE_SECRET_SCANNING,
+          isSecretScanningDisabled: serverEnvs.DISABLE_SECRET_SCANNING
-          kubernetesAutoFetchServiceAccountToken: serverEnvs.KUBERNETES_AUTO_FETCH_SERVICE_ACCOUNT_TOKEN
         }
       };
     }

backend/src/server/routes/v1/app-connection-routers/app-connection-router.ts

@@ -71,10 +71,6 @@ import {
   PostgresConnectionListItemSchema,
   SanitizedPostgresConnectionSchema
 } from "@app/services/app-connection/postgres";
-import {
-  RailwayConnectionListItemSchema,
-  SanitizedRailwayConnectionSchema
-} from "@app/services/app-connection/railway";
 import {
   RenderConnectionListItemSchema,
   SanitizedRenderConnectionSchema
@@ -127,8 +123,7 @@ const SanitizedAppConnectionSchema = z.union([
   ...SanitizedGitLabConnectionSchema.options,
   ...SanitizedCloudflareConnectionSchema.options,
   ...SanitizedBitbucketConnectionSchema.options,
-  ...SanitizedZabbixConnectionSchema.options,
+  ...SanitizedZabbixConnectionSchema.options
-  ...SanitizedRailwayConnectionSchema.options
 ]);
 
 const AppConnectionOptionsSchema = z.discriminatedUnion("app", [
@@ -162,8 +157,7 @@ const AppConnectionOptionsSchema = z.discriminatedUnion("app", [
   GitLabConnectionListItemSchema,
   CloudflareConnectionListItemSchema,
   BitbucketConnectionListItemSchema,
-  ZabbixConnectionListItemSchema,
+  ZabbixConnectionListItemSchema
-  RailwayConnectionListItemSchema
 ]);
 
 export const registerAppConnectionRouter = async (server: FastifyZodProvider) => {

backend/src/server/routes/v1/app-connection-routers/cloudflare-connection-router.ts

@@ -50,32 +50,4 @@ export const registerCloudflareConnectionRouter = async (server: FastifyZodProvi
       return projects;
     }
   });
-
-  server.route({
-    method: "GET",
-    url: `/:connectionId/cloudflare-workers-scripts`,
-    config: {
-      rateLimit: readLimit
-    },
-    schema: {
-      params: z.object({
-        connectionId: z.string().uuid()
-      }),
-      response: {
-        200: z
-          .object({
-            id: z.string()
-          })
-          .array()
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT]),
-    handler: async (req) => {
-      const { connectionId } = req.params;
-
-      const projects = await server.services.appConnection.cloudflare.listWorkersScripts(connectionId, req.permission);
-
-      return projects;
-    }
-  });
 };

backend/src/server/routes/v1/app-connection-routers/index.ts

@@ -25,7 +25,6 @@ import { registerLdapConnectionRouter } from "./ldap-connection-router";
 import { registerMsSqlConnectionRouter } from "./mssql-connection-router";
 import { registerMySqlConnectionRouter } from "./mysql-connection-router";
 import { registerPostgresConnectionRouter } from "./postgres-connection-router";
-import { registerRailwayConnectionRouter } from "./railway-connection-router";
 import { registerRenderConnectionRouter } from "./render-connection-router";
 import { registerTeamCityConnectionRouter } from "./teamcity-connection-router";
 import { registerTerraformCloudConnectionRouter } from "./terraform-cloud-router";
@@ -67,6 +66,5 @@ export const APP_CONNECTION_REGISTER_ROUTER_MAP: Record<AppConnection, (server:
     [AppConnection.GitLab]: registerGitLabConnectionRouter,
     [AppConnection.Cloudflare]: registerCloudflareConnectionRouter,
     [AppConnection.Bitbucket]: registerBitbucketConnectionRouter,
-    [AppConnection.Zabbix]: registerZabbixConnectionRouter,
+    [AppConnection.Zabbix]: registerZabbixConnectionRouter
-    [AppConnection.Railway]: registerRailwayConnectionRouter
   };

backend/src/server/routes/v1/app-connection-routers/railway-connection-router.ts

@@ -1,67 +0,0 @@
-import { z } from "zod";
-
-import { readLimit } from "@app/server/config/rateLimiter";
-import { verifyAuth } from "@app/server/plugins/auth/verify-auth";
-import { AppConnection } from "@app/services/app-connection/app-connection-enums";
-import {
-  CreateRailwayConnectionSchema,
-  SanitizedRailwayConnectionSchema,
-  UpdateRailwayConnectionSchema
-} from "@app/services/app-connection/railway";
-import { AuthMode } from "@app/services/auth/auth-type";
-
-import { registerAppConnectionEndpoints } from "./app-connection-endpoints";
-
-export const registerRailwayConnectionRouter = async (server: FastifyZodProvider) => {
-  registerAppConnectionEndpoints({
-    app: AppConnection.Railway,
-    server,
-    sanitizedResponseSchema: SanitizedRailwayConnectionSchema,
-    createSchema: CreateRailwayConnectionSchema,
-    updateSchema: UpdateRailwayConnectionSchema
-  });
-
-  // The below endpoints are not exposed and for Infisical App use
-  server.route({
-    method: "GET",
-    url: `/:connectionId/projects`,
-    config: {
-      rateLimit: readLimit
-    },
-    schema: {
-      params: z.object({
-        connectionId: z.string().uuid()
-      }),
-      response: {
-        200: z.object({
-          projects: z
-            .object({
-              name: z.string(),
-              id: z.string(),
-              services: z.array(
-                z.object({
-                  name: z.string(),
-                  id: z.string()
-                })
-              ),
-              environments: z.array(
-                z.object({
-                  name: z.string(),
-                  id: z.string()
-                })
-              )
-            })
-            .array()
-        })
-      }
-    },
-    onRequest: verifyAuth([AuthMode.JWT]),
-    handler: async (req) => {
-      const { connectionId } = req.params;
-
-      const projects = await server.services.appConnection.railway.listProjects(connectionId, req.permission);
-
-      return { projects };
-    }
-  });
-};

backend/src/server/routes/v1/secret-sync-routers/cloudflare-workers-sync-router.ts

@@ -1,17 +0,0 @@
-import {
-  CloudflareWorkersSyncSchema,
-  CreateCloudflareWorkersSyncSchema,
-  UpdateCloudflareWorkersSyncSchema
-} from "@app/services/secret-sync/cloudflare-workers/cloudflare-workers-schemas";
-import { SecretSync } from "@app/services/secret-sync/secret-sync-enums";
-
-import { registerSyncSecretsEndpoints } from "./secret-sync-endpoints";
-
-export const registerCloudflareWorkersSyncRouter = async (server: FastifyZodProvider) =>
-  registerSyncSecretsEndpoints({
-    destination: SecretSync.CloudflareWorkers,
-    server,
-    responseSchema: CloudflareWorkersSyncSchema,
-    createSchema: CreateCloudflareWorkersSyncSchema,
-    updateSchema: UpdateCloudflareWorkersSyncSchema
-  });

backend/src/server/routes/v1/secret-sync-routers/index.ts

@@ -9,7 +9,6 @@ import { registerAzureDevOpsSyncRouter } from "./azure-devops-sync-router";
 import { registerAzureKeyVaultSyncRouter } from "./azure-key-vault-sync-router";
 import { registerCamundaSyncRouter } from "./camunda-sync-router";
 import { registerCloudflarePagesSyncRouter } from "./cloudflare-pages-sync-router";
-import { registerCloudflareWorkersSyncRouter } from "./cloudflare-workers-sync-router";
 import { registerDatabricksSyncRouter } from "./databricks-sync-router";
 import { registerFlyioSyncRouter } from "./flyio-sync-router";
 import { registerGcpSyncRouter } from "./gcp-sync-router";
@@ -18,7 +17,6 @@ import { registerGitLabSyncRouter } from "./gitlab-sync-router";
 import { registerHCVaultSyncRouter } from "./hc-vault-sync-router";
 import { registerHerokuSyncRouter } from "./heroku-sync-router";
 import { registerHumanitecSyncRouter } from "./humanitec-sync-router";
-import { registerRailwaySyncRouter } from "./railway-sync-router";
 import { registerRenderSyncRouter } from "./render-sync-router";
 import { registerTeamCitySyncRouter } from "./teamcity-sync-router";
 import { registerTerraformCloudSyncRouter } from "./terraform-cloud-sync-router";
@@ -51,8 +49,5 @@ export const SECRET_SYNC_REGISTER_ROUTER_MAP: Record<SecretSync, (server: Fastif
   [SecretSync.Flyio]: registerFlyioSyncRouter,
   [SecretSync.GitLab]: registerGitLabSyncRouter,
   [SecretSync.CloudflarePages]: registerCloudflarePagesSyncRouter,
-  [SecretSync.CloudflareWorkers]: registerCloudflareWorkersSyncRouter,
+  [SecretSync.Zabbix]: registerZabbixSyncRouter
-
-  [SecretSync.Zabbix]: registerZabbixSyncRouter,
-  [SecretSync.Railway]: registerRailwaySyncRouter
 };

backend/src/server/routes/v1/secret-sync-routers/railway-sync-router.ts

@@ -1,17 +0,0 @@
-import {
-  CreateRailwaySyncSchema,
-  RailwaySyncSchema,
-  UpdateRailwaySyncSchema
-} from "@app/services/secret-sync/railway/railway-sync-schemas";
-import { SecretSync } from "@app/services/secret-sync/secret-sync-enums";
-
-import { registerSyncSecretsEndpoints } from "./secret-sync-endpoints";
-
-export const registerRailwaySyncRouter = async (server: FastifyZodProvider) =>
-  registerSyncSecretsEndpoints({
-    destination: SecretSync.Railway,
-    server,
-    responseSchema: RailwaySyncSchema,
-    createSchema: CreateRailwaySyncSchema,
-    updateSchema: UpdateRailwaySyncSchema
-  });

backend/src/server/routes/v1/secret-sync-routers/secret-sync-router.ts

@@ -26,10 +26,6 @@ import {
   CloudflarePagesSyncListItemSchema,
   CloudflarePagesSyncSchema
 } from "@app/services/secret-sync/cloudflare-pages/cloudflare-pages-schema";
-import {
-  CloudflareWorkersSyncListItemSchema,
-  CloudflareWorkersSyncSchema
-} from "@app/services/secret-sync/cloudflare-workers/cloudflare-workers-schemas";
 import { DatabricksSyncListItemSchema, DatabricksSyncSchema } from "@app/services/secret-sync/databricks";
 import { FlyioSyncListItemSchema, FlyioSyncSchema } from "@app/services/secret-sync/flyio";
 import { GcpSyncListItemSchema, GcpSyncSchema } from "@app/services/secret-sync/gcp";
@@ -38,7 +34,6 @@ import { GitLabSyncListItemSchema, GitLabSyncSchema } from "@app/services/secret
 import { HCVaultSyncListItemSchema, HCVaultSyncSchema } from "@app/services/secret-sync/hc-vault";
 import { HerokuSyncListItemSchema, HerokuSyncSchema } from "@app/services/secret-sync/heroku";
 import { HumanitecSyncListItemSchema, HumanitecSyncSchema } from "@app/services/secret-sync/humanitec";
-import { RailwaySyncListItemSchema, RailwaySyncSchema } from "@app/services/secret-sync/railway/railway-sync-schemas";
 import { RenderSyncListItemSchema, RenderSyncSchema } from "@app/services/secret-sync/render/render-sync-schemas";
 import { TeamCitySyncListItemSchema, TeamCitySyncSchema } from "@app/services/secret-sync/teamcity";
 import { TerraformCloudSyncListItemSchema, TerraformCloudSyncSchema } from "@app/services/secret-sync/terraform-cloud";
@@ -69,10 +64,7 @@ const SecretSyncSchema = z.discriminatedUnion("destination", [
   FlyioSyncSchema,
   GitLabSyncSchema,
   CloudflarePagesSyncSchema,
-  CloudflareWorkersSyncSchema,
+  ZabbixSyncSchema
-
-  ZabbixSyncSchema,
-  RailwaySyncSchema
 ]);
 
 const SecretSyncOptionsSchema = z.discriminatedUnion("destination", [
@@ -98,10 +90,7 @@ const SecretSyncOptionsSchema = z.discriminatedUnion("destination", [
   FlyioSyncListItemSchema,
   GitLabSyncListItemSchema,
   CloudflarePagesSyncListItemSchema,
-  CloudflareWorkersSyncListItemSchema,
+  ZabbixSyncListItemSchema
-
-  ZabbixSyncListItemSchema,
-  RailwaySyncListItemSchema
 ]);
 
 export const registerSecretSyncRouter = async (server: FastifyZodProvider) => {

backend/src/server/routes/v3/secret-router.ts

@@ -2,7 +2,7 @@ import picomatch from "picomatch";
 import { z } from "zod";
 
 import { SecretApprovalRequestsSchema, SecretsSchema, SecretType, ServiceTokenScopes } from "@app/db/schemas";
-import { EventType, SecretApprovalEvent, UserAgentType } from "@app/ee/services/audit-log/audit-log-types";
+import { EventType, UserAgentType } from "@app/ee/services/audit-log/audit-log-types";
 import { ApiDocsTags, RAW_SECRETS, SECRETS } from "@app/lib/api-docs";
 import { BadRequestError } from "@app/lib/errors";
 import { removeTrailingSlash } from "@app/lib/fn";
@@ -594,23 +594,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
         secretReminderRepeatDays: req.body.secretReminderRepeatDays
       });
       if (secretOperation.type === SecretProtectionType.Approval) {
-        await server.services.auditLog.createAuditLog({
-          projectId: req.body.workspaceId,
-          ...req.auditLogInfo,
-          event: {
-            type: EventType.SECRET_APPROVAL_REQUEST,
-            metadata: {
-              committedBy: secretOperation.approval.committerUserId,
-              secretApprovalRequestId: secretOperation.approval.id,
-              secretApprovalRequestSlug: secretOperation.approval.slug,
-              secretPath: req.body.secretPath,
-              environment: req.body.environment,
-              secretKey: req.params.secretName,
-              eventType: SecretApprovalEvent.Create
-            }
-          }
-        });
-
         return { approval: secretOperation.approval };
       }
 
@@ -747,23 +730,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
       });
 
       if (secretOperation.type === SecretProtectionType.Approval) {
-        await server.services.auditLog.createAuditLog({
-          projectId: req.body.workspaceId,
-          ...req.auditLogInfo,
-          event: {
-            type: EventType.SECRET_APPROVAL_REQUEST,
-            metadata: {
-              committedBy: secretOperation.approval.committerUserId,
-              secretApprovalRequestId: secretOperation.approval.id,
-              secretApprovalRequestSlug: secretOperation.approval.slug,
-              secretPath: req.body.secretPath,
-              environment: req.body.environment,
-              secretKey: req.params.secretName,
-              eventType: SecretApprovalEvent.Update
-            }
-          }
-        });
-
         return { approval: secretOperation.approval };
       }
       const { secret } = secretOperation;
@@ -865,23 +831,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
         type: req.body.type
       });
       if (secretOperation.type === SecretProtectionType.Approval) {
-        await server.services.auditLog.createAuditLog({
-          projectId: req.body.workspaceId,
-          ...req.auditLogInfo,
-          event: {
-            type: EventType.SECRET_APPROVAL_REQUEST,
-            metadata: {
-              committedBy: secretOperation.approval.committerUserId,
-              secretApprovalRequestId: secretOperation.approval.id,
-              secretApprovalRequestSlug: secretOperation.approval.slug,
-              secretPath: req.body.secretPath,
-              environment: req.body.environment,
-              secretKey: req.params.secretName,
-              eventType: SecretApprovalEvent.Delete
-            }
-          }
-        });
-
         return { approval: secretOperation.approval };
       }
 
@@ -1216,10 +1165,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
               metadata: {
                 committedBy: approval.committerUserId,
                 secretApprovalRequestId: approval.id,
-                secretApprovalRequestSlug: approval.slug,
+                secretApprovalRequestSlug: approval.slug
-                secretPath,
-                environment,
-                eventType: SecretApprovalEvent.Create
               }
             }
           });
@@ -1405,11 +1351,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
               metadata: {
                 committedBy: approval.committerUserId,
                 secretApprovalRequestId: approval.id,
-                secretApprovalRequestSlug: approval.slug,
+                secretApprovalRequestSlug: approval.slug
-                secretPath,
-                environment,
-                secretKey: req.params.secretName,
-                eventType: SecretApprovalEvent.Update
               }
             }
           });
@@ -1547,11 +1489,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
               metadata: {
                 committedBy: approval.committerUserId,
                 secretApprovalRequestId: approval.id,
-                secretApprovalRequestSlug: approval.slug,
+                secretApprovalRequestSlug: approval.slug
-                secretPath,
-                environment,
-                secretKey: req.params.secretName,
-                eventType: SecretApprovalEvent.Delete
               }
             }
           });
@@ -1735,10 +1673,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
               metadata: {
                 committedBy: approval.committerUserId,
                 secretApprovalRequestId: approval.id,
-                secretApprovalRequestSlug: approval.slug,
+                secretApprovalRequestSlug: approval.slug
-                secretPath,
-                environment,
-                eventType: SecretApprovalEvent.CreateMany
               }
             }
           });
@@ -1866,13 +1801,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
               metadata: {
                 committedBy: approval.committerUserId,
                 secretApprovalRequestId: approval.id,
-                secretApprovalRequestSlug: approval.slug,
+                secretApprovalRequestSlug: approval.slug
-                secretPath,
-                environment,
-                eventType: SecretApprovalEvent.UpdateMany,
-                secrets: inputSecrets.map((secret) => ({
-                  secretKey: secret.secretName
-                }))
               }
             }
           });
@@ -1991,13 +1920,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
               metadata: {
                 committedBy: approval.committerUserId,
                 secretApprovalRequestId: approval.id,
-                secretApprovalRequestSlug: approval.slug,
+                secretApprovalRequestSlug: approval.slug
-                secretPath,
-                environment,
-                secrets: inputSecrets.map((secret) => ({
-                  secretKey: secret.secretName
-                })),
-                eventType: SecretApprovalEvent.DeleteMany
               }
             }
           });
@@ -2115,24 +2038,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
         secrets: inputSecrets
       });
       if (secretOperation.type === SecretProtectionType.Approval) {
-        await server.services.auditLog.createAuditLog({
-          projectId: req.body.workspaceId,
-          ...req.auditLogInfo,
-          event: {
-            type: EventType.SECRET_APPROVAL_REQUEST,
-            metadata: {
-              committedBy: secretOperation.approval.committerUserId,
-              secretApprovalRequestId: secretOperation.approval.id,
-              secretApprovalRequestSlug: secretOperation.approval.slug,
-              secretPath,
-              environment,
-              secrets: inputSecrets.map((secret) => ({
-                secretKey: secret.secretKey
-              })),
-              eventType: SecretApprovalEvent.CreateMany
-            }
-          }
-        });
         return { approval: secretOperation.approval };
       }
       const { secrets } = secretOperation;
@@ -2265,25 +2170,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
         mode: req.body.mode
       });
       if (secretOperation.type === SecretProtectionType.Approval) {
-        await server.services.auditLog.createAuditLog({
-          projectId: req.body.workspaceId,
-          ...req.auditLogInfo,
-          event: {
-            type: EventType.SECRET_APPROVAL_REQUEST,
-            metadata: {
-              committedBy: secretOperation.approval.committerUserId,
-              secretApprovalRequestId: secretOperation.approval.id,
-              secretApprovalRequestSlug: secretOperation.approval.slug,
-              secretPath,
-              environment,
-              secrets: inputSecrets.map((secret) => ({
-                secretKey: secret.secretKey,
-                secretPath: secret.secretPath
-              })),
-              eventType: SecretApprovalEvent.UpdateMany
-            }
-          }
-        });
         return { approval: secretOperation.approval };
       }
       const { secrets } = secretOperation;
@@ -2412,25 +2298,6 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
         secrets: inputSecrets
       });
       if (secretOperation.type === SecretProtectionType.Approval) {
-        await server.services.auditLog.createAuditLog({
-          projectId: req.body.workspaceId,
-          ...req.auditLogInfo,
-          event: {
-            type: EventType.SECRET_APPROVAL_REQUEST,
-            metadata: {
-              committedBy: secretOperation.approval.committerUserId,
-              secretApprovalRequestId: secretOperation.approval.id,
-              secretApprovalRequestSlug: secretOperation.approval.slug,
-              secretPath,
-              environment,
-              secrets: inputSecrets.map((secret) => ({
-                secretKey: secret.secretKey
-              })),
-              eventType: SecretApprovalEvent.DeleteMany
-            }
-          }
-        });
-
         return { approval: secretOperation.approval };
       }
       const { secrets } = secretOperation;

backend/src/services/app-connection/app-connection-enums.ts

@@ -28,9 +28,8 @@ export enum AppConnection {
   Flyio = "flyio",
   GitLab = "gitlab",
   Cloudflare = "cloudflare",
-  Zabbix = "zabbix",
+  Bitbucket = "bitbucket",
-  Railway = "railway",
+  Zabbix = "zabbix"
-  Bitbucket = "bitbucket"
 }
 
 export enum AWSRegion {

backend/src/services/app-connection/app-connection-fns.ts

@@ -91,7 +91,6 @@ import { getMsSqlConnectionListItem, MsSqlConnectionMethod } from "./mssql";
 import { MySqlConnectionMethod } from "./mysql/mysql-connection-enums";
 import { getMySqlConnectionListItem } from "./mysql/mysql-connection-fns";
 import { getPostgresConnectionListItem, PostgresConnectionMethod } from "./postgres";
-import { getRailwayConnectionListItem, validateRailwayConnectionCredentials } from "./railway";
 import { RenderConnectionMethod } from "./render/render-connection-enums";
 import { getRenderConnectionListItem, validateRenderConnectionCredentials } from "./render/render-connection-fns";
 import {
@@ -144,9 +143,8 @@ export const listAppConnectionOptions = () => {
     getFlyioConnectionListItem(),
     getGitLabConnectionListItem(),
     getCloudflareConnectionListItem(),
-    getZabbixConnectionListItem(),
+    getBitbucketConnectionListItem(),
-    getRailwayConnectionListItem(),
+    getZabbixConnectionListItem()
-    getBitbucketConnectionListItem()
   ].sort((a, b) => a.name.localeCompare(b.name));
 };
 
@@ -227,9 +225,8 @@ export const validateAppConnectionCredentials = async (
     [AppConnection.Flyio]: validateFlyioConnectionCredentials as TAppConnectionCredentialsValidator,
     [AppConnection.GitLab]: validateGitLabConnectionCredentials as TAppConnectionCredentialsValidator,
     [AppConnection.Cloudflare]: validateCloudflareConnectionCredentials as TAppConnectionCredentialsValidator,
-    [AppConnection.Zabbix]: validateZabbixConnectionCredentials as TAppConnectionCredentialsValidator,
+    [AppConnection.Bitbucket]: validateBitbucketConnectionCredentials as TAppConnectionCredentialsValidator,
-    [AppConnection.Railway]: validateRailwayConnectionCredentials as TAppConnectionCredentialsValidator,
+    [AppConnection.Zabbix]: validateZabbixConnectionCredentials as TAppConnectionCredentialsValidator
-    [AppConnection.Bitbucket]: validateBitbucketConnectionCredentials as TAppConnectionCredentialsValidator
   };
 
   return VALIDATE_APP_CONNECTION_CREDENTIALS_MAP[appConnection.app](appConnection);
@@ -348,9 +345,8 @@ export const TRANSITION_CONNECTION_CREDENTIALS_TO_PLATFORM: Record<
   [AppConnection.Flyio]: platformManagedCredentialsNotSupported,
   [AppConnection.GitLab]: platformManagedCredentialsNotSupported,
   [AppConnection.Cloudflare]: platformManagedCredentialsNotSupported,
-  [AppConnection.Zabbix]: platformManagedCredentialsNotSupported,
+  [AppConnection.Bitbucket]: platformManagedCredentialsNotSupported,
-  [AppConnection.Railway]: platformManagedCredentialsNotSupported,
+  [AppConnection.Zabbix]: platformManagedCredentialsNotSupported
-  [AppConnection.Bitbucket]: platformManagedCredentialsNotSupported
 };
 
 export const enterpriseAppCheck = async (

backend/src/services/app-connection/app-connection-maps.ts

@@ -30,9 +30,8 @@ export const APP_CONNECTION_NAME_MAP: Record<AppConnection, string> = {
   [AppConnection.Flyio]: "Fly.io",
   [AppConnection.GitLab]: "GitLab",
   [AppConnection.Cloudflare]: "Cloudflare",
-  [AppConnection.Zabbix]: "Zabbix",
+  [AppConnection.Bitbucket]: "Bitbucket",
-  [AppConnection.Railway]: "Railway",
+  [AppConnection.Zabbix]: "Zabbix"
-  [AppConnection.Bitbucket]: "Bitbucket"
 };
 
 export const APP_CONNECTION_PLAN_MAP: Record<AppConnection, AppConnectionPlanType> = {
@@ -65,7 +64,6 @@ export const APP_CONNECTION_PLAN_MAP: Record<AppConnection, AppConnectionPlanTyp
   [AppConnection.Flyio]: AppConnectionPlanType.Regular,
   [AppConnection.GitLab]: AppConnectionPlanType.Regular,
   [AppConnection.Cloudflare]: AppConnectionPlanType.Regular,
-  [AppConnection.Zabbix]: AppConnectionPlanType.Regular,
+  [AppConnection.Bitbucket]: AppConnectionPlanType.Regular,
-  [AppConnection.Railway]: AppConnectionPlanType.Regular,
+  [AppConnection.Zabbix]: AppConnectionPlanType.Regular
-  [AppConnection.Bitbucket]: AppConnectionPlanType.Regular
 };

backend/src/services/app-connection/app-connection-service.ts

@@ -72,8 +72,6 @@ import { ValidateLdapConnectionCredentialsSchema } from "./ldap";
 import { ValidateMsSqlConnectionCredentialsSchema } from "./mssql";
 import { ValidateMySqlConnectionCredentialsSchema } from "./mysql";
 import { ValidatePostgresConnectionCredentialsSchema } from "./postgres";
-import { ValidateRailwayConnectionCredentialsSchema } from "./railway";
-import { railwayConnectionService } from "./railway/railway-connection-service";
 import { ValidateRenderConnectionCredentialsSchema } from "./render/render-connection-schema";
 import { renderConnectionService } from "./render/render-connection-service";
 import { ValidateTeamCityConnectionCredentialsSchema } from "./teamcity";
@@ -126,9 +124,8 @@ const VALIDATE_APP_CONNECTION_CREDENTIALS_MAP: Record<AppConnection, TValidateAp
   [AppConnection.Flyio]: ValidateFlyioConnectionCredentialsSchema,
   [AppConnection.GitLab]: ValidateGitLabConnectionCredentialsSchema,
   [AppConnection.Cloudflare]: ValidateCloudflareConnectionCredentialsSchema,
-  [AppConnection.Zabbix]: ValidateZabbixConnectionCredentialsSchema,
+  [AppConnection.Bitbucket]: ValidateBitbucketConnectionCredentialsSchema,
-  [AppConnection.Railway]: ValidateRailwayConnectionCredentialsSchema,
+  [AppConnection.Zabbix]: ValidateZabbixConnectionCredentialsSchema
-  [AppConnection.Bitbucket]: ValidateBitbucketConnectionCredentialsSchema
 };
 
 export const appConnectionServiceFactory = ({
@@ -539,8 +536,7 @@ export const appConnectionServiceFactory = ({
     flyio: flyioConnectionService(connectAppConnectionById),
     gitlab: gitlabConnectionService(connectAppConnectionById, appConnectionDAL, kmsService),
     cloudflare: cloudflareConnectionService(connectAppConnectionById),
-    zabbix: zabbixConnectionService(connectAppConnectionById),
+    bitbucket: bitbucketConnectionService(connectAppConnectionById),
-    railway: railwayConnectionService(connectAppConnectionById),
+    zabbix: zabbixConnectionService(connectAppConnectionById)
-    bitbucket: bitbucketConnectionService(connectAppConnectionById)
   };
 };

backend/src/services/app-connection/app-connection-types.ts

@@ -141,12 +141,6 @@ import {
   TPostgresConnectionInput,
   TValidatePostgresConnectionCredentialsSchema
 } from "./postgres";
-import {
-  TRailwayConnection,
-  TRailwayConnectionConfig,
-  TRailwayConnectionInput,
-  TValidateRailwayConnectionCredentialsSchema
-} from "./railway";
 import {
   TRenderConnection,
   TRenderConnectionConfig,
@@ -216,7 +210,6 @@ export type TAppConnection = { id: string } & (
   | TCloudflareConnection
   | TBitbucketConnection
   | TZabbixConnection
-  | TRailwayConnection
 );
 
 export type TAppConnectionRaw = NonNullable<Awaited<ReturnType<TAppConnectionDALFactory["findById"]>>>;
@@ -255,7 +248,6 @@ export type TAppConnectionInput = { id: string } & (
   | TCloudflareConnectionInput
   | TBitbucketConnectionInput
   | TZabbixConnectionInput
-  | TRailwayConnectionInput
 );
 
 export type TSqlConnectionInput =
@@ -301,8 +293,7 @@ export type TAppConnectionConfig =
   | TGitLabConnectionConfig
   | TCloudflareConnectionConfig
   | TBitbucketConnectionConfig
-  | TZabbixConnectionConfig
+  | TZabbixConnectionConfig;
-  | TRailwayConnectionConfig;
 
 export type TValidateAppConnectionCredentialsSchema =
   | TValidateAwsConnectionCredentialsSchema
@@ -335,8 +326,7 @@ export type TValidateAppConnectionCredentialsSchema =
   | TValidateGitLabConnectionCredentialsSchema
   | TValidateCloudflareConnectionCredentialsSchema
   | TValidateBitbucketConnectionCredentialsSchema
-  | TValidateZabbixConnectionCredentialsSchema
+  | TValidateZabbixConnectionCredentialsSchema;
-  | TValidateRailwayConnectionCredentialsSchema;
 
 export type TListAwsConnectionKmsKeys = {
   connectionId: string;

backend/src/services/app-connection/cloudflare/cloudflare-connection-fns.ts

@@ -9,8 +9,7 @@ import { CloudflareConnectionMethod } from "./cloudflare-connection-enum";
 import {
   TCloudflareConnection,
   TCloudflareConnectionConfig,
-  TCloudflarePagesProject,
+  TCloudflarePagesProject
-  TCloudflareWorkersScript
 } from "./cloudflare-connection-types";
 
 export const getCloudflareConnectionListItem = () => {
@@ -44,28 +43,6 @@ export const listCloudflarePagesProjects = async (
   }));
 };
 
-export const listCloudflareWorkersScripts = async (
-  appConnection: TCloudflareConnection
-): Promise<TCloudflareWorkersScript[]> => {
-  const {
-    credentials: { apiToken, accountId }
-  } = appConnection;
-
-  const { data } = await request.get<{ result: { id: string }[] }>(
-    `${IntegrationUrls.CLOUDFLARE_API_URL}/client/v4/accounts/${accountId}/workers/scripts`,
-    {
-      headers: {
-        Authorization: `Bearer ${apiToken}`,
-        Accept: "application/json"
-      }
-    }
-  );
-
-  return data.result.map((a) => ({
-    id: a.id
-  }));
-};
-
 export const validateCloudflareConnectionCredentials = async (config: TCloudflareConnectionConfig) => {
   const { apiToken, accountId } = config.credentials;
 

backend/src/services/app-connection/cloudflare/cloudflare-connection-service.ts

@@ -2,7 +2,7 @@ import { logger } from "@app/lib/logger";
 import { OrgServiceActor } from "@app/lib/types";
 
 import { AppConnection } from "../app-connection-enums";
-import { listCloudflarePagesProjects, listCloudflareWorkersScripts } from "./cloudflare-connection-fns";
+import { listCloudflarePagesProjects } from "./cloudflare-connection-fns";
 import { TCloudflareConnection } from "./cloudflare-connection-types";
 
 type TGetAppConnectionFunc = (
@@ -19,31 +19,12 @@ export const cloudflareConnectionService = (getAppConnection: TGetAppConnectionF
 
       return projects;
     } catch (error) {
-      logger.error(
+      logger.error(error, "Failed to list Cloudflare Pages projects for Cloudflare connection");
-        error,
-        `Failed to list Cloudflare Pages projects for Cloudflare connection [connectionId=${connectionId}]`
-      );
-      return [];
-    }
-  };
-
-  const listWorkersScripts = async (connectionId: string, actor: OrgServiceActor) => {
-    const appConnection = await getAppConnection(AppConnection.Cloudflare, connectionId, actor);
-    try {
-      const projects = await listCloudflareWorkersScripts(appConnection);
-
-      return projects;
-    } catch (error) {
-      logger.error(
-        error,
-        `Failed to list Cloudflare Workers scripts for Cloudflare connection [connectionId=${connectionId}]`
-      );
       return [];
     }
   };
 
   return {
-    listPagesProjects,
+    listPagesProjects
-    listWorkersScripts
   };
 };

backend/src/services/app-connection/cloudflare/cloudflare-connection-types.ts

@@ -28,7 +28,3 @@ export type TCloudflarePagesProject = {
   id: string;
   name: string;
 };
-
-export type TCloudflareWorkersScript = {
-  id: string;
-};

backend/src/services/app-connection/github/github-connection-fns.ts

@@ -7,6 +7,7 @@ import { request } from "@app/lib/config/request";
 import { BadRequestError, ForbiddenRequestError, InternalServerError } from "@app/lib/errors";
 import { getAppConnectionMethodName } from "@app/services/app-connection/app-connection-fns";
 import { IntegrationUrls } from "@app/services/integration-auth/integration-list";
+import { getInstanceIntegrationsConfig } from "@app/services/super-admin/super-admin-service";
 
 import { AppConnection } from "../app-connection-enums";
 import { GitHubConnectionMethod } from "./github-connection-enums";
@@ -14,13 +15,14 @@ import { TGitHubConnection, TGitHubConnectionConfig } from "./github-connection-
 
 export const getGitHubConnectionListItem = () => {
   const { INF_APP_CONNECTION_GITHUB_OAUTH_CLIENT_ID, INF_APP_CONNECTION_GITHUB_APP_SLUG } = getConfig();
+  const { gitHubAppConnection } = getInstanceIntegrationsConfig();
 
   return {
     name: "GitHub" as const,
     app: AppConnection.GitHub as const,
     methods: Object.values(GitHubConnectionMethod) as [GitHubConnectionMethod.App, GitHubConnectionMethod.OAuth],
     oauthClientId: INF_APP_CONNECTION_GITHUB_OAUTH_CLIENT_ID,
-    appClientSlug: INF_APP_CONNECTION_GITHUB_APP_SLUG
+    appClientSlug: gitHubAppConnection.appSlug || INF_APP_CONNECTION_GITHUB_APP_SLUG
   };
 };
 
@@ -30,9 +32,10 @@ export const getGitHubClient = (appConnection: TGitHubConnection) => {
   const { method, credentials } = appConnection;
 
   let client: Octokit;
+  const { gitHubAppConnection } = getInstanceIntegrationsConfig();
 
-  const appId = appCfg.INF_APP_CONNECTION_GITHUB_APP_ID;
+  const appId = gitHubAppConnection.appId || appCfg.INF_APP_CONNECTION_GITHUB_APP_ID;
-  const appPrivateKey = appCfg.INF_APP_CONNECTION_GITHUB_APP_PRIVATE_KEY;
+  const appPrivateKey = gitHubAppConnection.privateKey || appCfg.INF_APP_CONNECTION_GITHUB_APP_PRIVATE_KEY;
 
   switch (method) {
     case GitHubConnectionMethod.App:
@@ -154,6 +157,8 @@ type TokenRespData = {
 export const validateGitHubConnectionCredentials = async (config: TGitHubConnectionConfig) => {
   const { credentials, method } = config;
 
+  const { gitHubAppConnection } = getInstanceIntegrationsConfig();
+
   const {
     INF_APP_CONNECTION_GITHUB_OAUTH_CLIENT_ID,
     INF_APP_CONNECTION_GITHUB_OAUTH_CLIENT_SECRET,
@@ -165,8 +170,8 @@ export const validateGitHubConnectionCredentials = async (config: TGitHubConnect
   const { clientId, clientSecret } =
     method === GitHubConnectionMethod.App
       ? {
-          clientId: INF_APP_CONNECTION_GITHUB_APP_CLIENT_ID,
+          clientId: gitHubAppConnection.clientId || INF_APP_CONNECTION_GITHUB_APP_CLIENT_ID,
-          clientSecret: INF_APP_CONNECTION_GITHUB_APP_CLIENT_SECRET
+          clientSecret: gitHubAppConnection.clientSecret || INF_APP_CONNECTION_GITHUB_APP_CLIENT_SECRET
         }
       : // oauth
         {

backend/src/services/app-connection/railway/index.ts

@@ -1,4 +0,0 @@
-export * from "./railway-connection-constants";
-export * from "./railway-connection-fns";
-export * from "./railway-connection-schemas";
-export * from "./railway-connection-types";

backend/src/services/app-connection/railway/railway-connection-constants.ts

@@ -1,5 +0,0 @@
-export enum RailwayConnectionMethod {
-  AccountToken = "account-token",
-  ProjectToken = "project-token",
-  TeamToken = "team-token"
-}

backend/src/services/app-connection/railway/railway-connection-fns.ts

@@ -1,66 +0,0 @@
-/* eslint-disable no-await-in-loop */
-import { AxiosError } from "axios";
-
-import { BadRequestError } from "@app/lib/errors";
-import { AppConnection } from "@app/services/app-connection/app-connection-enums";
-
-import { RailwayConnectionMethod } from "./railway-connection-constants";
-import { RailwayPublicAPI } from "./railway-connection-public-client";
-import { TRailwayConnection, TRailwayConnectionConfig } from "./railway-connection-types";
-
-export const getRailwayConnectionListItem = () => {
-  return {
-    name: "Railway" as const,
-    app: AppConnection.Railway as const,
-    methods: Object.values(RailwayConnectionMethod)
-  };
-};
-
-export const validateRailwayConnectionCredentials = async (config: TRailwayConnectionConfig) => {
-  const { credentials, method } = config;
-
-  try {
-    await RailwayPublicAPI.healthcheck({
-      method,
-      credentials
-    });
-  } catch (error: unknown) {
-    if (error instanceof AxiosError) {
-      throw new BadRequestError({
-        message: `Failed to validate credentials: ${error.message || "Unknown error"}`
-      });
-    }
-
-    throw new BadRequestError({
-      message: "Unable to validate connection - verify credentials"
-    });
-  }
-
-  return credentials;
-};
-
-export const listProjects = async (appConnection: TRailwayConnection) => {
-  const { credentials, method } = appConnection;
-
-  try {
-    return await RailwayPublicAPI.listProjects({
-      method,
-      credentials
-    });
-  } catch (error: unknown) {
-    if (error instanceof AxiosError) {
-      throw new BadRequestError({
-        message: `Failed to list projects: ${error.message || "Unknown error"}`
-      });
-    }
-
-    if (error instanceof BadRequestError) {
-      throw error;
-    }
-
-    throw new BadRequestError({
-      message: "Unable to list projects",
-      error
-    });
-  }
-};

backend/src/services/app-connection/railway/railway-connection-public-client.ts

@@ -1,237 +0,0 @@
-/* eslint-disable class-methods-use-this */
-import { AxiosError, AxiosInstance, AxiosResponse } from "axios";
-
-import { createRequestClient } from "@app/lib/config/request";
-import { BadRequestError } from "@app/lib/errors";
-import { IntegrationUrls } from "@app/services/integration-auth/integration-list";
-
-import { RailwayConnectionMethod } from "./railway-connection-constants";
-import {
-  RailwayAccountWorkspaceListSchema,
-  RailwayGetProjectsByProjectTokenSchema,
-  RailwayGetSubscriptionTypeSchema,
-  RailwayProjectsListSchema
-} from "./railway-connection-schemas";
-import { RailwayProject, TRailwayConnectionConfig, TRailwayResponse } from "./railway-connection-types";
-
-type RailwaySendReqOptions = Pick<TRailwayConnectionConfig, "credentials" | "method">;
-
-export function getRailwayAuthHeaders(method: RailwayConnectionMethod, token: string): Record<string, string> {
-  switch (method) {
-    case RailwayConnectionMethod.AccountToken:
-    case RailwayConnectionMethod.TeamToken:
-      return {
-        Authorization: token
-      };
-    case RailwayConnectionMethod.ProjectToken:
-      return {
-        "Project-Access-Token": token
-      };
-    default:
-      throw new Error(`Unsupported Railway connection method`);
-  }
-}
-
-export function getRailwayRatelimiter(headers: AxiosResponse["headers"]): {
-  isRatelimited: boolean;
-  maxAttempts: number;
-  wait: () => Promise<void>;
-} {
-  const retryAfter: number | undefined = headers["Retry-After"] as number | undefined;
-  const requestsLeft = parseInt(headers["X-RateLimit-Remaining"] as string, 10);
-  const limitResetAt = headers["X-RateLimit-Reset"] as string;
-
-  const now = +new Date();
-  const nextReset = +new Date(limitResetAt);
-
-  const remaining = Math.min(0, nextReset - now);
-
-  const wait = () => {
-    return new Promise<void>((res) => {
-      setTimeout(res, remaining);
-    });
-  };
-
-  return {
-    isRatelimited: Boolean(retryAfter || requestsLeft === 0),
-    wait,
-    maxAttempts: 3
-  };
-}
-
-class RailwayPublicClient {
-  private client: AxiosInstance;
-
-  constructor() {
-    this.client = createRequestClient({
-      method: "POST",
-      baseURL: IntegrationUrls.RAILWAY_API_URL,
-      headers: {
-        "Content-Type": "application/json"
-      }
-    });
-  }
-
-  async send<T extends TRailwayResponse>(
-    query: string,
-    options: RailwaySendReqOptions,
-    variables: Record<string, string | Record<string, string>> = {},
-    retryAttempt: number = 0
-  ): Promise<T["data"] | undefined> {
-    const body = {
-      query,
-      variables
-    };
-
-    const response = await this.client.request<T>({
-      data: body,
-      headers: getRailwayAuthHeaders(options.method, options.credentials.apiToken)
-    });
-
-    const { errors } = response.data;
-
-    if (Array.isArray(errors) && errors.length > 0) {
-      throw new AxiosError(errors[0].message);
-    }
-
-    const limiter = getRailwayRatelimiter(response.headers);
-
-    if (limiter.isRatelimited && retryAttempt <= limiter.maxAttempts) {
-      await limiter.wait();
-      return this.send(query, options, variables, retryAttempt + 1);
-    }
-
-    return response.data.data;
-  }
-
-  healthcheck(config: RailwaySendReqOptions) {
-    switch (config.method) {
-      case RailwayConnectionMethod.AccountToken:
-        return this.send(`{ me { teams { edges { node { id } } } } }`, config);
-      case RailwayConnectionMethod.ProjectToken:
-        return this.send(`{ projectToken { projectId environmentId project { id } } }`, config);
-      case RailwayConnectionMethod.TeamToken:
-        return this.send(`{ projects { edges { node { id name team { id } } } } }`, config);
-      default:
-        throw new Error(`Unsupported Railway connection method`);
-    }
-  }
-
-  async getSubscriptionType(config: RailwaySendReqOptions & { projectId: string }) {
-    const res = await this.send(
-      `query project($projectId: String!) { project(id: $projectId) { subscriptionType }}`,
-      config,
-      {
-        projectId: config.projectId
-      }
-    );
-
-    const data = await RailwayGetSubscriptionTypeSchema.parseAsync(res);
-
-    return data.project.subscriptionType;
-  }
-
-  async listProjects(config: RailwaySendReqOptions): Promise<RailwayProject[]> {
-    switch (config.method) {
-      case RailwayConnectionMethod.TeamToken: {
-        const res = await this.send(
-          `{ projects { edges { node { id, name, services{ edges{ node { id, name } } } environments { edges { node { name, id } } } } } } }`,
-          config
-        );
-
-        const data = await RailwayProjectsListSchema.parseAsync(res);
-
-        return data.projects.edges.map((p) => ({
-          id: p.node.id,
-          name: p.node.name,
-          environments: p.node.environments.edges.map((e) => e.node),
-          services: p.node.services.edges.map((s) => s.node)
-        }));
-      }
-
-      case RailwayConnectionMethod.AccountToken: {
-        const res = await this.send(
-          `{ me { workspaces { id, name, team{ projects{ edges{ node{ id, name, services{ edges { node { name, id } } } environments { edges { node { name, id } } } } } } } } } }`,
-          config
-        );
-
-        const data = await RailwayAccountWorkspaceListSchema.parseAsync(res);
-
-        return data.me.workspaces.flatMap((w) =>
-          w.team.projects.edges.map((p) => ({
-            id: p.node.id,
-            name: p.node.name,
-            environments: p.node.environments.edges.map((e) => e.node),
-            services: p.node.services.edges.map((s) => s.node)
-          }))
-        );
-      }
-
-      case RailwayConnectionMethod.ProjectToken: {
-        const res = await this.send(
-          `query { projectToken { project { id, name, services { edges { node { name, id } } } environments { edges { node { name, id } } } } } }`,
-          config
-        );
-
-        const data = await RailwayGetProjectsByProjectTokenSchema.parseAsync(res);
-
-        const p = data.projectToken.project;
-
-        return [
-          {
-            id: p.id,
-            name: p.name,
-            environments: p.environments.edges.map((e) => e.node),
-            services: p.services.edges.map((s) => s.node)
-          }
-        ];
-      }
-
-      default:
-        throw new Error(`Unsupported Railway connection method`);
-    }
-  }
-
-  async getVariables(
-    config: RailwaySendReqOptions,
-    variables: { projectId: string; environmentId: string; serviceId?: string }
-  ) {
-    const res = await this.send<TRailwayResponse<{ variables: Record<string, string> }>>(
-      `query variables($environmentId: String!, $projectId: String!, $serviceId: String) { variables( projectId: $projectId, environmentId: $environmentId, serviceId: $serviceId ) }`,
-      config,
-      variables
-    );
-
-    if (!res?.variables) {
-      throw new BadRequestError({
-        message: "Failed to get railway variables - empty response"
-      });
-    }
-
-    return res.variables;
-  }
-
-  async deleteVariable(
-    config: RailwaySendReqOptions,
-    variables: { input: { projectId: string; environmentId: string; name: string; serviceId?: string } }
-  ) {
-    await this.send<TRailwayResponse<{ variables: Record<string, string> }>>(
-      `mutation variableDelete($input: VariableDeleteInput!) { variableDelete(input: $input) }`,
-      config,
-      variables
-    );
-  }
-
-  async upsertVariable(
-    config: RailwaySendReqOptions,
-    variables: { input: { projectId: string; environmentId: string; name: string; value: string; serviceId?: string } }
-  ) {
-    await this.send<TRailwayResponse<{ variables: Record<string, string> }>>(
-      `mutation variableUpsert($input: VariableUpsertInput!) { variableUpsert(input: $input) }`,
-      config,
-      variables
-    );
-  }
-}
-
-export const RailwayPublicAPI = new RailwayPublicClient();

backend/src/services/app-connection/railway/railway-connection-schemas.ts

@@ -1,117 +0,0 @@
-import z from "zod";
-
-import { AppConnections } from "@app/lib/api-docs";
-import { AppConnection } from "@app/services/app-connection/app-connection-enums";
-import {
-  BaseAppConnectionSchema,
-  GenericCreateAppConnectionFieldsSchema,
-  GenericUpdateAppConnectionFieldsSchema
-} from "@app/services/app-connection/app-connection-schemas";
-
-import { RailwayConnectionMethod } from "./railway-connection-constants";
-
-export const RailwayConnectionMethodSchema = z
-  .nativeEnum(RailwayConnectionMethod)
-  .describe(AppConnections.CREATE(AppConnection.Railway).method);
-
-export const RailwayConnectionAccessTokenCredentialsSchema = z.object({
-  apiToken: z
-    .string()
-    .trim()
-    .min(1, "API Token required")
-    .max(255)
-    .describe(AppConnections.CREDENTIALS.RAILWAY.apiToken)
-});
-
-const BaseRailwayConnectionSchema = BaseAppConnectionSchema.extend({
-  app: z.literal(AppConnection.Railway)
-});
-
-export const RailwayConnectionSchema = BaseRailwayConnectionSchema.extend({
-  method: RailwayConnectionMethodSchema,
-  credentials: RailwayConnectionAccessTokenCredentialsSchema
-});
-
-export const SanitizedRailwayConnectionSchema = z.discriminatedUnion("method", [
-  BaseRailwayConnectionSchema.extend({
-    method: RailwayConnectionMethodSchema,
-    credentials: RailwayConnectionAccessTokenCredentialsSchema.pick({})
-  })
-]);
-
-export const ValidateRailwayConnectionCredentialsSchema = z.discriminatedUnion("method", [
-  z.object({
-    method: RailwayConnectionMethodSchema,
-    credentials: RailwayConnectionAccessTokenCredentialsSchema.describe(
-      AppConnections.CREATE(AppConnection.Railway).credentials
-    )
-  })
-]);
-
-export const CreateRailwayConnectionSchema = ValidateRailwayConnectionCredentialsSchema.and(
-  GenericCreateAppConnectionFieldsSchema(AppConnection.Railway)
-);
-
-export const UpdateRailwayConnectionSchema = z
-  .object({
-    credentials: RailwayConnectionAccessTokenCredentialsSchema.optional().describe(
-      AppConnections.UPDATE(AppConnection.Railway).credentials
-    )
-  })
-  .and(GenericUpdateAppConnectionFieldsSchema(AppConnection.Railway));
-
-export const RailwayConnectionListItemSchema = z.object({
-  name: z.literal("Railway"),
-  app: z.literal(AppConnection.Railway),
-  methods: z.nativeEnum(RailwayConnectionMethod).array()
-});
-
-export const RailwayResourceSchema = z.object({
-  node: z.object({
-    id: z.string(),
-    name: z.string()
-  })
-});
-
-export const RailwayProjectEdgeSchema = z.object({
-  node: z.object({
-    id: z.string(),
-    name: z.string(),
-    services: z.object({
-      edges: z.array(RailwayResourceSchema)
-    }),
-    environments: z.object({
-      edges: z.array(RailwayResourceSchema)
-    })
-  })
-});
-
-export const RailwayProjectsListSchema = z.object({
-  projects: z.object({
-    edges: z.array(RailwayProjectEdgeSchema)
-  })
-});
-
-export const RailwayAccountWorkspaceListSchema = z.object({
-  me: z.object({
-    workspaces: z.array(
-      z.object({
-        id: z.string(),
-        name: z.string(),
-        team: RailwayProjectsListSchema
-      })
-    )
-  })
-});
-
-export const RailwayGetProjectsByProjectTokenSchema = z.object({
-  projectToken: z.object({
-    project: RailwayProjectEdgeSchema.shape.node
-  })
-});
-
-export const RailwayGetSubscriptionTypeSchema = z.object({
-  project: z.object({
-    subscriptionType: z.enum(["free", "hobby", "pro", "trial"])
-  })
-});

backend/src/services/app-connection/railway/railway-connection-service.ts

@@ -1,30 +0,0 @@
-import { logger } from "@app/lib/logger";
-import { OrgServiceActor } from "@app/lib/types";
-
-import { AppConnection } from "../app-connection-enums";
-import { listProjects as getRailwayProjects } from "./railway-connection-fns";
-import { TRailwayConnection } from "./railway-connection-types";
-
-type TGetAppConnectionFunc = (
-  app: AppConnection,
-  connectionId: string,
-  actor: OrgServiceActor
-) => Promise<TRailwayConnection>;
-
-export const railwayConnectionService = (getAppConnection: TGetAppConnectionFunc) => {
-  const listProjects = async (connectionId: string, actor: OrgServiceActor) => {
-    const appConnection = await getAppConnection(AppConnection.Railway, connectionId, actor);
-    try {
-      const projects = await getRailwayProjects(appConnection);
-
-      return projects;
-    } catch (error) {
-      logger.error(error, "Failed to establish connection with Railway");
-      return [];
-    }
-  };
-
-  return {
-    listProjects
-  };
-};

backend/src/services/app-connection/railway/railway-connection-types.ts

@@ -1,79 +0,0 @@
-import z from "zod";
-
-import { DiscriminativePick } from "@app/lib/types";
-
-import { AppConnection } from "../app-connection-enums";
-import {
-  CreateRailwayConnectionSchema,
-  RailwayConnectionSchema,
-  ValidateRailwayConnectionCredentialsSchema
-} from "./railway-connection-schemas";
-
-export type TRailwayConnection = z.infer<typeof RailwayConnectionSchema>;
-
-export type TRailwayConnectionInput = z.infer<typeof CreateRailwayConnectionSchema> & {
-  app: AppConnection.Railway;
-};
-
-export type TValidateRailwayConnectionCredentialsSchema = typeof ValidateRailwayConnectionCredentialsSchema;
-
-export type TRailwayConnectionConfig = DiscriminativePick<TRailwayConnection, "method" | "app" | "credentials"> & {
-  orgId: string;
-};
-
-export type TRailwayService = {
-  id: string;
-  name: string;
-};
-
-export type TRailwayEnvironment = {
-  id: string;
-  name: string;
-};
-
-export type RailwayProject = {
-  id: string;
-  name: string;
-  services: TRailwayService[];
-  environments: TRailwayEnvironment[];
-};
-
-export type TRailwayResponse<T = unknown> = {
-  data?: T;
-  errors?: {
-    message: string;
-  }[];
-};
-
-export type TAccountProjectListResponse = TRailwayResponse<{
-  projects: {
-    edges: TProjectEdge[];
-  };
-}>;
-
-export interface TProjectEdge {
-  node: {
-    id: string;
-    name: string;
-    services: {
-      edges: TServiceEdge[];
-    };
-    environments: {
-      edges: TEnvironmentEdge[];
-    };
-  };
-}
-
-type TServiceEdge = {
-  node: {
-    id: string;
-    name: string;
-  };
-};
-
-type TEnvironmentEdge = {
-  node: {
-    id: string;
-    name: string;
-  };
-};

backend/src/services/org-membership/org-membership-dal.ts

@@ -108,16 +108,16 @@ export const orgMembershipDALFactory = (db: TDbClient) => {
       const now = new Date();
       const oneWeekAgo = new Date(now.getTime() - 7 * 24 * 60 * 60 * 1000);
       const oneMonthAgo = new Date(now.getTime() - 30 * 24 * 60 * 60 * 1000);
-      const twelveMonthsAgo = new Date(now.getTime() - 360 * 24 * 60 * 60 * 1000);
+      const threeMonthsAgo = new Date(now.getTime() - 90 * 24 * 60 * 60 * 1000);
 
       const memberships = await db
         .replicaNode()(TableName.OrgMembership)
         .where("status", "invited")
         .where((qb) => {
-          // lastInvitedAt is null AND createdAt is between 1 week and 12 months ago
+          // lastInvitedAt is null AND createdAt is between 1 week and 3 months ago
           void qb
             .whereNull(`${TableName.OrgMembership}.lastInvitedAt`)
-            .whereBetween(`${TableName.OrgMembership}.createdAt`, [twelveMonthsAgo, oneWeekAgo]);
+            .whereBetween(`${TableName.OrgMembership}.createdAt`, [threeMonthsAgo, oneWeekAgo]);
         })
         .orWhere((qb) => {
           // lastInvitedAt is older than 1 week ago AND createdAt is younger than 1 month ago

backend/src/services/org/org-service.ts

@@ -36,8 +36,6 @@ import { getConfig } from "@app/lib/config/env";
 import { generateAsymmetricKeyPair } from "@app/lib/crypto";
 import { generateSymmetricKey, infisicalSymmetricDecrypt, infisicalSymmetricEncypt } from "@app/lib/crypto/encryption";
 import { generateUserSrpKeys } from "@app/lib/crypto/srp";
-import { applyJitter } from "@app/lib/dates";
-import { delay as delayMs } from "@app/lib/delay";
 import {
   BadRequestError,
   ForbiddenRequestError,
@@ -46,10 +44,9 @@ import {
   UnauthorizedError
 } from "@app/lib/errors";
 import { groupBy } from "@app/lib/fn";
-import { logger } from "@app/lib/logger";
 import { alphaNumericNanoId } from "@app/lib/nanoid";
 import { isDisposableEmail } from "@app/lib/validator";
-import { QueueName, TQueueServiceFactory } from "@app/queue";
+import { TQueueServiceFactory } from "@app/queue";
 import { getDefaultOrgMembershipRoleForUpdateOrg } from "@app/services/org/org-role-fns";
 import { TOrgMembershipDALFactory } from "@app/services/org-membership/org-membership-dal";
 import { TUserAliasDALFactory } from "@app/services/user-alias/user-alias-dal";
@@ -912,6 +909,14 @@ export const orgServiceFactory = ({
 
         // if there exist no org membership we set is as given by the request
         if (!inviteeOrgMembership) {
+          if (plan?.slug !== "enterprise" && plan?.memberLimit && plan.membersUsed >= plan.memberLimit) {
+            // limit imposed on number of members allowed / number of members used exceeds the number of members allowed
+            throw new BadRequestError({
+              name: "InviteUser",
+              message: "Failed to invite member due to member limit reached. Upgrade plan to invite more members."
+            });
+          }
+
           if (plan?.slug !== "enterprise" && plan?.identityLimit && plan.identitiesUsed >= plan.identityLimit) {
             // limit imposed on number of identities allowed / number of identities used exceeds the number of identities allowed
             throw new BadRequestError({
@@ -1433,8 +1438,6 @@ export const orgServiceFactory = ({
    * Re-send emails to users who haven't accepted an invite yet
    */
   const notifyInvitedUsers = async () => {
-    logger.info(`${QueueName.DailyResourceCleanUp}: notify invited users started`);
-
     const invitedUsers = await orgMembershipDAL.findRecentInvitedMemberships();
     const appCfg = getConfig();
 
@@ -1458,9 +1461,6 @@ export const orgServiceFactory = ({
         });
 
         if (invitedUser.inviteEmail) {
-          await delayMs(Math.max(0, applyJitter(0, 2000)));
-
-          try {
           await smtpService.sendMail({
             template: SmtpTemplates.OrgInvite,
             subjectLine: `Reminder: You have been invited to ${org.name} on Infisical`,
@@ -1474,16 +1474,11 @@ export const orgServiceFactory = ({
             }
           });
           notifiedUsers.push(invitedUser.id);
-          } catch (err) {
-            logger.error(err, `${QueueName.DailyResourceCleanUp}: notify invited users failed to send email`);
-          }
         }
       })
     );
 
     await orgMembershipDAL.updateLastInvitedAtByIds(notifiedUsers);
-
-    logger.info(`${QueueName.DailyResourceCleanUp}: notify invited users completed`);
   };
 
   return {

backend/src/services/secret-folder/secret-folder-service.ts

@@ -214,7 +214,7 @@ export const secretFolderServiceFactory = ({
             }
           },
           message: "Folder created",
-          folderId: parentFolder.id,
+          folderId: doc.id,
           changes: [
             {
               type: CommitType.ADD,

backend/src/services/secret-sync/cloudflare-workers/cloudflare-workers-constants.ts

@@ -1,10 +0,0 @@
-import { AppConnection } from "@app/services/app-connection/app-connection-enums";
-import { SecretSync } from "@app/services/secret-sync/secret-sync-enums";
-import { TSecretSyncListItem } from "@app/services/secret-sync/secret-sync-types";
-
-export const CLOUDFLARE_WORKERS_SYNC_LIST_OPTION: TSecretSyncListItem = {
-  name: "Cloudflare Workers",
-  destination: SecretSync.CloudflareWorkers,
-  connection: AppConnection.Cloudflare,
-  canImportSecrets: false
-};

backend/src/services/secret-sync/cloudflare-workers/cloudflare-workers-fns.ts

@@ -1,121 +0,0 @@
-import { request } from "@app/lib/config/request";
-import { applyJitter } from "@app/lib/dates";
-import { delay as delayMs } from "@app/lib/delay";
-import { IntegrationUrls } from "@app/services/integration-auth/integration-list";
-import { matchesSchema } from "@app/services/secret-sync/secret-sync-fns";
-import { TSecretMap } from "@app/services/secret-sync/secret-sync-types";
-
-import { SECRET_SYNC_NAME_MAP } from "../secret-sync-maps";
-import { TCloudflareWorkersSyncWithCredentials } from "./cloudflare-workers-types";
-
-const getSecretKeys = async (secretSync: TCloudflareWorkersSyncWithCredentials): Promise<string[]> => {
-  const {
-    destinationConfig,
-    connection: {
-      credentials: { apiToken, accountId }
-    }
-  } = secretSync;
-
-  const { data } = await request.get<{
-    result: Array<{ name: string }>;
-  }>(
-    `${IntegrationUrls.CLOUDFLARE_WORKERS_API_URL}/client/v4/accounts/${accountId}/workers/scripts/${destinationConfig.scriptId}/secrets`,
-    {
-      headers: {
-        Authorization: `Bearer ${apiToken}`,
-        Accept: "application/json"
-      }
-    }
-  );
-
-  return data.result.map((s) => s.name);
-};
-
-export const CloudflareWorkersSyncFns = {
-  syncSecrets: async (secretSync: TCloudflareWorkersSyncWithCredentials, secretMap: TSecretMap) => {
-    const {
-      connection: {
-        credentials: { apiToken, accountId }
-      },
-      destinationConfig: { scriptId }
-    } = secretSync;
-
-    const existingSecretNames = await getSecretKeys(secretSync);
-    const secretMapKeys = new Set(Object.keys(secretMap));
-
-    for await (const [key, val] of Object.entries(secretMap)) {
-      await delayMs(Math.max(0, applyJitter(100, 200)));
-      await request.put(
-        `${IntegrationUrls.CLOUDFLARE_WORKERS_API_URL}/client/v4/accounts/${accountId}/workers/scripts/${scriptId}/secrets`,
-        { name: key, text: val.value, type: "secret_text" },
-        {
-          headers: {
-            Authorization: `Bearer ${apiToken}`,
-            "Content-Type": "application/json"
-          }
-        }
-      );
-    }
-
-    if (!secretSync.syncOptions.disableSecretDeletion) {
-      const secretsToDelete = existingSecretNames.filter((existingKey) => {
-        const isManagedBySchema = matchesSchema(
-          existingKey,
-          secretSync.environment?.slug || "",
-          secretSync.syncOptions.keySchema
-        );
-        const isInNewSecretMap = secretMapKeys.has(existingKey);
-        return !isInNewSecretMap && isManagedBySchema;
-      });
-
-      for await (const key of secretsToDelete) {
-        await delayMs(Math.max(0, applyJitter(100, 200)));
-        await request.delete(
-          `${IntegrationUrls.CLOUDFLARE_WORKERS_API_URL}/client/v4/accounts/${accountId}/workers/scripts/${scriptId}/secrets/${key}`,
-          {
-            headers: {
-              Authorization: `Bearer ${apiToken}`
-            }
-          }
-        );
-      }
-    }
-  },
-
-  getSecrets: async (secretSync: TCloudflareWorkersSyncWithCredentials): Promise<TSecretMap> => {
-    throw new Error(`${SECRET_SYNC_NAME_MAP[secretSync.destination]} does not support importing secrets.`);
-  },
-
-  removeSecrets: async (secretSync: TCloudflareWorkersSyncWithCredentials, secretMap: TSecretMap) => {
-    const {
-      connection: {
-        credentials: { apiToken, accountId }
-      },
-      destinationConfig: { scriptId }
-    } = secretSync;
-
-    const existingSecretNames = await getSecretKeys(secretSync);
-    const secretMapToRemoveKeys = new Set(Object.keys(secretMap));
-
-    for await (const existingKey of existingSecretNames) {
-      const isManagedBySchema = matchesSchema(
-        existingKey,
-        secretSync.environment?.slug || "",
-        secretSync.syncOptions.keySchema
-      );
-      const isInSecretMapToRemove = secretMapToRemoveKeys.has(existingKey);
-
-      if (isInSecretMapToRemove && isManagedBySchema) {
-        await delayMs(Math.max(0, applyJitter(100, 200)));
-        await request.delete(
-          `${IntegrationUrls.CLOUDFLARE_WORKERS_API_URL}/client/v4/accounts/${accountId}/workers/scripts/${scriptId}/secrets/${existingKey}`,
-          {
-            headers: {
-              Authorization: `Bearer ${apiToken}`
-            }
-          }
-        );
-      }
-    }
-  }
-};

backend/src/services/secret-sync/cloudflare-workers/cloudflare-workers-schemas.ts

@@ -1,55 +0,0 @@
-import RE2 from "re2";
-import { z } from "zod";
-
-import { SecretSyncs } from "@app/lib/api-docs";
-import { AppConnection } from "@app/services/app-connection/app-connection-enums";
-import { SecretSync } from "@app/services/secret-sync/secret-sync-enums";
-import {
-  BaseSecretSyncSchema,
-  GenericCreateSecretSyncFieldsSchema,
-  GenericUpdateSecretSyncFieldsSchema
-} from "@app/services/secret-sync/secret-sync-schemas";
-import { TSyncOptionsConfig } from "@app/services/secret-sync/secret-sync-types";
-
-const CloudflareWorkersSyncDestinationConfigSchema = z.object({
-  scriptId: z
-    .string()
-    .min(1, "Script ID is required")
-    .max(64)
-    .refine((val) => {
-      const re2 = new RE2(/^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/);
-      return re2.test(val);
-    }, "Invalid script ID format")
-    .describe(SecretSyncs.DESTINATION_CONFIG.CLOUDFLARE_WORKERS.scriptId)
-});
-
-const CloudflareWorkersSyncOptionsConfig: TSyncOptionsConfig = { canImportSecrets: false };
-
-export const CloudflareWorkersSyncSchema = BaseSecretSyncSchema(
-  SecretSync.CloudflareWorkers,
-  CloudflareWorkersSyncOptionsConfig
-).extend({
-  destination: z.literal(SecretSync.CloudflareWorkers),
-  destinationConfig: CloudflareWorkersSyncDestinationConfigSchema
-});
-
-export const CreateCloudflareWorkersSyncSchema = GenericCreateSecretSyncFieldsSchema(
-  SecretSync.CloudflareWorkers,
-  CloudflareWorkersSyncOptionsConfig
-).extend({
-  destinationConfig: CloudflareWorkersSyncDestinationConfigSchema
-});
-
-export const UpdateCloudflareWorkersSyncSchema = GenericUpdateSecretSyncFieldsSchema(
-  SecretSync.CloudflareWorkers,
-  CloudflareWorkersSyncOptionsConfig
-).extend({
-  destinationConfig: CloudflareWorkersSyncDestinationConfigSchema.optional()
-});
-
-export const CloudflareWorkersSyncListItemSchema = z.object({
-  name: z.literal("Cloudflare Workers"),
-  connection: z.literal(AppConnection.Cloudflare),
-  destination: z.literal(SecretSync.CloudflareWorkers),
-  canImportSecrets: z.literal(false)
-});

backend/src/services/secret-sync/cloudflare-workers/cloudflare-workers-types.ts

@@ -1,19 +0,0 @@
-import z from "zod";
-
-import { TCloudflareConnection } from "@app/services/app-connection/cloudflare/cloudflare-connection-types";
-
-import {
-  CloudflareWorkersSyncListItemSchema,
-  CloudflareWorkersSyncSchema,
-  CreateCloudflareWorkersSyncSchema
-} from "./cloudflare-workers-schemas";
-
-export type TCloudflareWorkersSyncListItem = z.infer<typeof CloudflareWorkersSyncListItemSchema>;
-
-export type TCloudflareWorkersSync = z.infer<typeof CloudflareWorkersSyncSchema>;
-
-export type TCloudflareWorkersSyncInput = z.infer<typeof CreateCloudflareWorkersSyncSchema>;
-
-export type TCloudflareWorkersSyncWithCredentials = TCloudflareWorkersSync & {
-  connection: TCloudflareConnection;
-};

backend/src/services/secret-sync/cloudflare-workers/index.ts

@@ -1,4 +0,0 @@
-export * from "./cloudflare-workers-constants";
-export * from "./cloudflare-workers-fns";
-export * from "./cloudflare-workers-schemas";
-export * from "./cloudflare-workers-types";

backend/src/services/secret-sync/railway/railway-sync-constants.ts

@@ -1,10 +0,0 @@
-import { AppConnection } from "@app/services/app-connection/app-connection-enums";
-import { SecretSync } from "@app/services/secret-sync/secret-sync-enums";
-import { TSecretSyncListItem } from "@app/services/secret-sync/secret-sync-types";
-
-export const RAILWAY_SYNC_LIST_OPTION: TSecretSyncListItem = {
-  name: "Railway",
-  destination: SecretSync.Railway,
-  connection: AppConnection.Railway,
-  canImportSecrets: true
-};

backend/src/services/secret-sync/railway/railway-sync-fns.ts

@@ -1,124 +0,0 @@
-/* eslint-disable @typescript-eslint/no-unsafe-member-access */
-/* eslint-disable @typescript-eslint/no-unsafe-assignment */
-
-import { RailwayPublicAPI } from "@app/services/app-connection/railway/railway-connection-public-client";
-import { matchesSchema } from "@app/services/secret-sync/secret-sync-fns";
-
-import { SecretSyncError } from "../secret-sync-errors";
-import { TSecretMap } from "../secret-sync-types";
-import { TRailwaySyncWithCredentials } from "./railway-sync-types";
-
-export const RailwaySyncFns = {
-  async getSecrets(secretSync: TRailwaySyncWithCredentials): Promise<TSecretMap> {
-    try {
-      const config = secretSync.destinationConfig;
-
-      const variables = await RailwayPublicAPI.getVariables(secretSync.connection, {
-        projectId: config.projectId,
-        environmentId: config.environmentId,
-        serviceId: config.serviceId || undefined
-      });
-
-      const entries = {} as TSecretMap;
-
-      for (const [key, value] of Object.entries(variables)) {
-        // Skip importing private railway variables
-        // eslint-disable-next-line no-continue
-        if (key.startsWith("RAILWAY_")) continue;
-
-        entries[key] = {
-          value
-        };
-      }
-
-      return entries;
-    } catch (error) {
-      throw new SecretSyncError({
-        error,
-        message: "Failed to import secrets from Railway"
-      });
-    }
-  },
-
-  async syncSecrets(secretSync: TRailwaySyncWithCredentials, secretMap: TSecretMap) {
-    const {
-      environment,
-      syncOptions: { disableSecretDeletion, keySchema }
-    } = secretSync;
-    const railwaySecrets = await this.getSecrets(secretSync);
-    const config = secretSync.destinationConfig;
-
-    for await (const key of Object.keys(secretMap)) {
-      try {
-        const existing = railwaySecrets[key];
-
-        if (existing === undefined || existing.value !== secretMap[key].value) {
-          await RailwayPublicAPI.upsertVariable(secretSync.connection, {
-            input: {
-              projectId: config.projectId,
-              environmentId: config.environmentId,
-              serviceId: config.serviceId || undefined,
-              name: key,
-              value: secretMap[key].value ?? ""
-            }
-          });
-        }
-      } catch (error) {
-        throw new SecretSyncError({
-          error,
-          secretKey: key
-        });
-      }
-    }
-
-    if (disableSecretDeletion) return;
-
-    for await (const key of Object.keys(railwaySecrets)) {
-      try {
-        // eslint-disable-next-line no-continue
-        if (!matchesSchema(key, environment?.slug || "", keySchema)) continue;
-
-        if (!secretMap[key]) {
-          await RailwayPublicAPI.deleteVariable(secretSync.connection, {
-            input: {
-              projectId: config.projectId,
-              environmentId: config.environmentId,
-              serviceId: config.serviceId || undefined,
-              name: key
-            }
-          });
-        }
-      } catch (error) {
-        throw new SecretSyncError({
-          error,
-          secretKey: key
-        });
-      }
-    }
-  },
-
-  async removeSecrets(secretSync: TRailwaySyncWithCredentials, secretMap: TSecretMap) {
-    const existing = await this.getSecrets(secretSync);
-    const config = secretSync.destinationConfig;
-
-    for await (const secret of Object.keys(existing)) {
-      try {
-        if (secret in secretMap) {
-          await RailwayPublicAPI.deleteVariable(secretSync.connection, {
-            input: {
-              projectId: config.projectId,
-              environmentId: config.environmentId,
-              serviceId: config.serviceId || undefined,
-              name: secret
-            }
-          });
-        }
-      } catch (error) {
-        throw new SecretSyncError({
-          error,
-          secretKey: secret
-        });
-      }
-    }
-  }
-};

backend/src/services/secret-sync/railway/railway-sync-schemas.ts

@@ -1,56 +0,0 @@
-import { z } from "zod";
-
-import { SecretSyncs } from "@app/lib/api-docs";
-import { AppConnection } from "@app/services/app-connection/app-connection-enums";
-import { SecretSync } from "@app/services/secret-sync/secret-sync-enums";
-import {
-  BaseSecretSyncSchema,
-  GenericCreateSecretSyncFieldsSchema,
-  GenericUpdateSecretSyncFieldsSchema
-} from "@app/services/secret-sync/secret-sync-schemas";
-import { TSyncOptionsConfig } from "@app/services/secret-sync/secret-sync-types";
-
-const RailwaySyncDestinationConfigSchema = z.object({
-  projectId: z
-    .string()
-    .trim()
-    .min(1, "Railway project ID required")
-    .describe(SecretSyncs.DESTINATION_CONFIG.RAILWAY.projectId),
-  projectName: z.string().trim().describe(SecretSyncs.DESTINATION_CONFIG.RAILWAY.projectName),
-  environmentId: z
-    .string()
-    .trim()
-    .min(1, "Railway environment ID required")
-    .describe(SecretSyncs.DESTINATION_CONFIG.RAILWAY.environmentId),
-  environmentName: z.string().trim().describe(SecretSyncs.DESTINATION_CONFIG.RAILWAY.environmentName),
-  serviceId: z.string().optional().describe(SecretSyncs.DESTINATION_CONFIG.RAILWAY.serviceId),
-  serviceName: z.string().optional().describe(SecretSyncs.DESTINATION_CONFIG.RAILWAY.serviceName)
-});
-
-const RailwaySyncOptionsConfig: TSyncOptionsConfig = { canImportSecrets: true };
-
-export const RailwaySyncSchema = BaseSecretSyncSchema(SecretSync.Railway, RailwaySyncOptionsConfig).extend({
-  destination: z.literal(SecretSync.Railway),
-  destinationConfig: RailwaySyncDestinationConfigSchema
-});
-
-export const CreateRailwaySyncSchema = GenericCreateSecretSyncFieldsSchema(
-  SecretSync.Railway,
-  RailwaySyncOptionsConfig
-).extend({
-  destinationConfig: RailwaySyncDestinationConfigSchema
-});
-
-export const UpdateRailwaySyncSchema = GenericUpdateSecretSyncFieldsSchema(
-  SecretSync.Railway,
-  RailwaySyncOptionsConfig
-).extend({
-  destinationConfig: RailwaySyncDestinationConfigSchema.optional()
-});
-
-export const RailwaySyncListItemSchema = z.object({
-  name: z.literal("Railway"),
-  connection: z.literal(AppConnection.Railway),
-  destination: z.literal(SecretSync.Railway),
-  canImportSecrets: z.literal(true)
-});

backend/src/services/secret-sync/railway/railway-sync-types.ts

@@ -1,31 +0,0 @@
-import z from "zod";
-
-import { TRailwayConnection } from "@app/services/app-connection/railway";
-
-import { CreateRailwaySyncSchema, RailwaySyncListItemSchema, RailwaySyncSchema } from "./railway-sync-schemas";
-
-export type TRailwaySyncListItem = z.infer<typeof RailwaySyncListItemSchema>;
-
-export type TRailwaySync = z.infer<typeof RailwaySyncSchema>;
-
-export type TRailwaySyncInput = z.infer<typeof CreateRailwaySyncSchema>;
-
-export type TRailwaySyncWithCredentials = TRailwaySync & {
-  connection: TRailwayConnection;
-};
-
-export type TRailwaySecret = {
-  createdAt: string;
-  environmentId?: string | null;
-  id: string;
-  isSealed: boolean;
-  name: string;
-  serviceId?: string | null;
-  updatedAt: string;
-};
-
-export type TRailwayVariablesGraphResponse = {
-  data: {
-    variables: Record<string, string>;
-  };
-};

backend/src/services/secret-sync/secret-sync-enums.ts

@@ -21,10 +21,7 @@ export enum SecretSync {
   Flyio = "flyio",
   GitLab = "gitlab",
   CloudflarePages = "cloudflare-pages",
-  CloudflareWorkers = "cloudflare-workers",
+  Zabbix = "zabbix"
-
-  Zabbix = "zabbix",
-  Railway = "railway"
 }
 
 export enum SecretSyncInitialSyncBehavior {

backend/src/services/secret-sync/secret-sync-fns.ts

@@ -31,7 +31,6 @@ import { AZURE_KEY_VAULT_SYNC_LIST_OPTION, azureKeyVaultSyncFactory } from "./az
 import { CAMUNDA_SYNC_LIST_OPTION, camundaSyncFactory } from "./camunda";
 import { CLOUDFLARE_PAGES_SYNC_LIST_OPTION } from "./cloudflare-pages/cloudflare-pages-constants";
 import { CloudflarePagesSyncFns } from "./cloudflare-pages/cloudflare-pages-fns";
-import { CLOUDFLARE_WORKERS_SYNC_LIST_OPTION, CloudflareWorkersSyncFns } from "./cloudflare-workers";
 import { FLYIO_SYNC_LIST_OPTION, FlyioSyncFns } from "./flyio";
 import { GCP_SYNC_LIST_OPTION } from "./gcp";
 import { GcpSyncFns } from "./gcp/gcp-sync-fns";
@@ -40,8 +39,6 @@ import { HC_VAULT_SYNC_LIST_OPTION, HCVaultSyncFns } from "./hc-vault";
 import { HEROKU_SYNC_LIST_OPTION, HerokuSyncFns } from "./heroku";
 import { HUMANITEC_SYNC_LIST_OPTION } from "./humanitec";
 import { HumanitecSyncFns } from "./humanitec/humanitec-sync-fns";
-import { RAILWAY_SYNC_LIST_OPTION } from "./railway/railway-sync-constants";
-import { RailwaySyncFns } from "./railway/railway-sync-fns";
 import { RENDER_SYNC_LIST_OPTION, RenderSyncFns } from "./render";
 import { SECRET_SYNC_PLAN_MAP } from "./secret-sync-maps";
 import { TEAMCITY_SYNC_LIST_OPTION, TeamCitySyncFns } from "./teamcity";
@@ -73,10 +70,7 @@ const SECRET_SYNC_LIST_OPTIONS: Record<SecretSync, TSecretSyncListItem> = {
   [SecretSync.Flyio]: FLYIO_SYNC_LIST_OPTION,
   [SecretSync.GitLab]: GITLAB_SYNC_LIST_OPTION,
   [SecretSync.CloudflarePages]: CLOUDFLARE_PAGES_SYNC_LIST_OPTION,
-  [SecretSync.CloudflareWorkers]: CLOUDFLARE_WORKERS_SYNC_LIST_OPTION,
+  [SecretSync.Zabbix]: ZABBIX_SYNC_LIST_OPTION
-
-  [SecretSync.Zabbix]: ZABBIX_SYNC_LIST_OPTION,
-  [SecretSync.Railway]: RAILWAY_SYNC_LIST_OPTION
 };
 
 export const listSecretSyncOptions = () => {
@@ -244,12 +238,8 @@ export const SecretSyncFns = {
         return GitLabSyncFns.syncSecrets(secretSync, schemaSecretMap, { appConnectionDAL, kmsService });
       case SecretSync.CloudflarePages:
         return CloudflarePagesSyncFns.syncSecrets(secretSync, schemaSecretMap);
-      case SecretSync.CloudflareWorkers:
-        return CloudflareWorkersSyncFns.syncSecrets(secretSync, schemaSecretMap);
       case SecretSync.Zabbix:
         return ZabbixSyncFns.syncSecrets(secretSync, schemaSecretMap);
-      case SecretSync.Railway:
-        return RailwaySyncFns.syncSecrets(secretSync, schemaSecretMap);
       default:
         throw new Error(
           `Unhandled sync destination for sync secrets fns: ${(secretSync as TSecretSyncWithCredentials).destination}`
@@ -342,15 +332,9 @@ export const SecretSyncFns = {
       case SecretSync.CloudflarePages:
         secretMap = await CloudflarePagesSyncFns.getSecrets(secretSync);
         break;
-      case SecretSync.CloudflareWorkers:
-        secretMap = await CloudflareWorkersSyncFns.getSecrets(secretSync);
-        break;
       case SecretSync.Zabbix:
         secretMap = await ZabbixSyncFns.getSecrets(secretSync);
         break;
-      case SecretSync.Railway:
-        secretMap = await RailwaySyncFns.getSecrets(secretSync);
-        break;
       default:
         throw new Error(
           `Unhandled sync destination for get secrets fns: ${(secretSync as TSecretSyncWithCredentials).destination}`
@@ -428,12 +412,8 @@ export const SecretSyncFns = {
         return GitLabSyncFns.removeSecrets(secretSync, schemaSecretMap, { appConnectionDAL, kmsService });
       case SecretSync.CloudflarePages:
         return CloudflarePagesSyncFns.removeSecrets(secretSync, schemaSecretMap);
-      case SecretSync.CloudflareWorkers:
-        return CloudflareWorkersSyncFns.removeSecrets(secretSync, schemaSecretMap);
       case SecretSync.Zabbix:
         return ZabbixSyncFns.removeSecrets(secretSync, schemaSecretMap);
-      case SecretSync.Railway:
-        return RailwaySyncFns.removeSecrets(secretSync, schemaSecretMap);
       default:
         throw new Error(
           `Unhandled sync destination for remove secrets fns: ${(secretSync as TSecretSyncWithCredentials).destination}`

backend/src/services/secret-sync/secret-sync-maps.ts

@@ -24,10 +24,7 @@ export const SECRET_SYNC_NAME_MAP: Record<SecretSync, string> = {
   [SecretSync.Flyio]: "Fly.io",
   [SecretSync.GitLab]: "GitLab",
   [SecretSync.CloudflarePages]: "Cloudflare Pages",
-  [SecretSync.CloudflareWorkers]: "Cloudflare Workers",
+  [SecretSync.Zabbix]: "Zabbix"
-
-  [SecretSync.Zabbix]: "Zabbix",
-  [SecretSync.Railway]: "Railway"
 };
 
 export const SECRET_SYNC_CONNECTION_MAP: Record<SecretSync, AppConnection> = {
@@ -53,10 +50,7 @@ export const SECRET_SYNC_CONNECTION_MAP: Record<SecretSync, AppConnection> = {
   [SecretSync.Flyio]: AppConnection.Flyio,
   [SecretSync.GitLab]: AppConnection.GitLab,
   [SecretSync.CloudflarePages]: AppConnection.Cloudflare,
-  [SecretSync.CloudflareWorkers]: AppConnection.Cloudflare,
+  [SecretSync.Zabbix]: AppConnection.Zabbix
-
-  [SecretSync.Zabbix]: AppConnection.Zabbix,
-  [SecretSync.Railway]: AppConnection.Railway
 };
 
 export const SECRET_SYNC_PLAN_MAP: Record<SecretSync, SecretSyncPlanType> = {
@@ -82,8 +76,5 @@ export const SECRET_SYNC_PLAN_MAP: Record<SecretSync, SecretSyncPlanType> = {
   [SecretSync.Flyio]: SecretSyncPlanType.Regular,
   [SecretSync.GitLab]: SecretSyncPlanType.Regular,
   [SecretSync.CloudflarePages]: SecretSyncPlanType.Regular,
-  [SecretSync.CloudflareWorkers]: SecretSyncPlanType.Regular,
+  [SecretSync.Zabbix]: SecretSyncPlanType.Regular
-
-  [SecretSync.Zabbix]: SecretSyncPlanType.Regular,
-  [SecretSync.Railway]: SecretSyncPlanType.Regular
 };

backend/src/services/secret-sync/secret-sync-types.ts

@@ -78,12 +78,6 @@ import {
   TCloudflarePagesSyncListItem,
   TCloudflarePagesSyncWithCredentials
 } from "./cloudflare-pages/cloudflare-pages-types";
-import {
-  TCloudflareWorkersSync,
-  TCloudflareWorkersSyncInput,
-  TCloudflareWorkersSyncListItem,
-  TCloudflareWorkersSyncWithCredentials
-} from "./cloudflare-workers";
 import { TFlyioSync, TFlyioSyncInput, TFlyioSyncListItem, TFlyioSyncWithCredentials } from "./flyio/flyio-sync-types";
 import { TGcpSync, TGcpSyncInput, TGcpSyncListItem, TGcpSyncWithCredentials } from "./gcp";
 import { TGitLabSync, TGitLabSyncInput, TGitLabSyncListItem, TGitLabSyncWithCredentials } from "./gitlab";
@@ -100,12 +94,6 @@ import {
   THumanitecSyncListItem,
   THumanitecSyncWithCredentials
 } from "./humanitec";
-import {
-  TRailwaySync,
-  TRailwaySyncInput,
-  TRailwaySyncListItem,
-  TRailwaySyncWithCredentials
-} from "./railway/railway-sync-types";
 import {
   TRenderSync,
   TRenderSyncInput,
@@ -150,9 +138,7 @@ export type TSecretSync =
   | TFlyioSync
   | TGitLabSync
   | TCloudflarePagesSync
-  | TCloudflareWorkersSync
+  | TZabbixSync;
-  | TZabbixSync
-  | TRailwaySync;
 
 export type TSecretSyncWithCredentials =
   | TAwsParameterStoreSyncWithCredentials
@@ -177,9 +163,7 @@ export type TSecretSyncWithCredentials =
   | TFlyioSyncWithCredentials
   | TGitLabSyncWithCredentials
   | TCloudflarePagesSyncWithCredentials
-  | TCloudflareWorkersSyncWithCredentials
+  | TZabbixSyncWithCredentials;
-  | TZabbixSyncWithCredentials
-  | TRailwaySyncWithCredentials;
 
 export type TSecretSyncInput =
   | TAwsParameterStoreSyncInput
@@ -204,9 +188,7 @@ export type TSecretSyncInput =
   | TFlyioSyncInput
   | TGitLabSyncInput
   | TCloudflarePagesSyncInput
-  | TCloudflareWorkersSyncInput
+  | TZabbixSyncInput;
-  | TZabbixSyncInput
-  | TRailwaySyncInput;
 
 export type TSecretSyncListItem =
   | TAwsParameterStoreSyncListItem
@@ -231,9 +213,7 @@ export type TSecretSyncListItem =
   | TFlyioSyncListItem
   | TGitLabSyncListItem
   | TCloudflarePagesSyncListItem
-  | TCloudflareWorkersSyncListItem
+  | TZabbixSyncListItem;
-  | TZabbixSyncListItem
-  | TRailwaySyncListItem;
 
 export type TSyncOptionsConfig = {
   canImportSecrets: boolean;

docs/Dockerfile

@@ -1,36 +0,0 @@
-FROM node:20-alpine AS builder
-
-WORKDIR /app
-
-RUN npm install -g mint@4.2.13
-
-COPY . .
-
-# Install a local version of our OpenAPI spec
-RUN apk add --no-cache wget jq && \
-    wget -O spec.json https://app.infisical.com/api/docs/json && \
-    jq '.api.openapi = "./spec.json"' docs.json > temp.json && \
-    mv temp.json docs.json
-
-# Run mint dev briefly to download the web client
-RUN timeout 30 mint dev || true
-
-FROM node:20-alpine
-
-WORKDIR /app
-
-RUN addgroup -g 1001 -S mintuser && \
-    adduser -S -D -H -u 1001 -s /sbin/nologin -G mintuser mintuser && \
-    npm install -g mint@4.2.13
-
-COPY --chown=mintuser:mintuser . .
-
-COPY --from=builder --chown=mintuser:mintuser /root/.mintlify /home/mintuser/.mintlify
-COPY --from=builder --chown=mintuser:mintuser /app/docs.json /app/docs.json
-COPY --from=builder --chown=mintuser:mintuser /app/spec.json /app/spec.json
-
-USER mintuser
-
-EXPOSE 3000
-
-CMD ["mint", "dev"]

docs/api-reference/endpoints/app-connections/railway/available.mdx

@@ -1,4 +0,0 @@
----
-title: "Available"
-openapi: "GET /api/v1/app-connections/railway/available"
----

docs/api-reference/endpoints/app-connections/railway/create.mdx

@@ -1,8 +0,0 @@
----
-title: "Create"
-openapi: "POST /api/v1/app-connections/railway"
----
-
-<Note>
-    Check out the configuration docs for [Railway Connections](/integrations/app-connections/railway) to learn how to obtain the required credentials.
-</Note>

docs/api-reference/endpoints/app-connections/railway/delete.mdx

@@ -1,4 +0,0 @@
----
-title: "Delete"
-openapi: "DELETE /api/v1/app-connections/railway/{connectionId}"
----

docs/api-reference/endpoints/app-connections/railway/get-by-id.mdx

@@ -1,4 +0,0 @@
----
-title: "Get by ID"
-openapi: "GET /api/v1/app-connections/railway/{connectionId}"
----

docs/api-reference/endpoints/app-connections/railway/get-by-name.mdx

@@ -1,4 +0,0 @@
----
-title: "Get by Name"
-openapi: "GET /api/v1/app-connections/railway/connection-name/{connectionName}"
----

docs/api-reference/endpoints/app-connections/railway/list.mdx

@@ -1,4 +0,0 @@
----
-title: "List"
-openapi: "GET /api/v1/app-connections/railway"
----

docs/api-reference/endpoints/app-connections/railway/update.mdx

@@ -1,8 +0,0 @@
----
-title: "Update"
-openapi: "PATCH /api/v1/app-connections/railway/{connectionId}"
----
-
-<Note>
-    Check out the configuration docs for [Railway Connections](/integrations/app-connections/railway) to learn how to obtain the required credentials.
-</Note>

docs/api-reference/endpoints/secret-syncs/cloudflare-workers/create.mdx

@@ -1,4 +0,0 @@
----
-title: "Create"
-openapi: "POST /api/v1/secret-syncs/cloudflare-workers"
----

docs/api-reference/endpoints/secret-syncs/cloudflare-workers/delete.mdx

@@ -1,4 +0,0 @@
----
-title: "Delete"
-openapi: "DELETE /api/v1/secret-syncs/cloudflare-workers/{syncId}"
----

docs/api-reference/endpoints/secret-syncs/cloudflare-workers/get-by-id.mdx

@@ -1,4 +0,0 @@
----
-title: "Get by ID"
-openapi: "GET /api/v1/secret-syncs/cloudflare-workers/{syncId}"
----

docs/api-reference/endpoints/secret-syncs/cloudflare-workers/get-by-name.mdx

@@ -1,4 +0,0 @@
----
-title: "Get by Name"
-openapi: "GET /api/v1/secret-syncs/cloudflare-workers/sync-name/{syncName}"
----

docs/api-reference/endpoints/secret-syncs/cloudflare-workers/list.mdx

@@ -1,4 +0,0 @@
----
-title: "List"
-openapi: "GET /api/v1/secret-syncs/cloudflare-workers"
----

docs/api-reference/endpoints/secret-syncs/cloudflare-workers/remove-secrets.mdx

@@ -1,4 +0,0 @@
----
-title: "Remove Secrets"
-openapi: "POST /api/v1/secret-syncs/cloudflare-workers/{syncId}/remove-secrets"
----

docs/api-reference/endpoints/secret-syncs/cloudflare-workers/sync-secrets.mdx

@@ -1,4 +0,0 @@
----
-title: "Sync Secrets"
-openapi: "POST /api/v1/secret-syncs/cloudflare-workers/{syncId}/sync-secrets"
----

docs/api-reference/endpoints/secret-syncs/cloudflare-workers/update.mdx

@@ -1,4 +0,0 @@
----
-title: "Update"
-openapi: "PATCH /api/v1/secret-syncs/cloudflare-workers/{syncId}"
----

docs/api-reference/endpoints/secret-syncs/railway/create.mdx

@@ -1,4 +0,0 @@
----
-title: "Create"
-openapi: "POST /api/v1/secret-syncs/railway"
----

docs/api-reference/endpoints/secret-syncs/railway/delete.mdx

@@ -1,4 +0,0 @@
----
-title: "Delete"
-openapi: "DELETE /api/v1/secret-syncs/railway/{syncId}"
----

docs/api-reference/endpoints/secret-syncs/railway/get-by-id.mdx

@@ -1,4 +0,0 @@
----
-title: "Get by ID"
-openapi: "GET /api/v1/secret-syncs/railway/{syncId}"
----

docs/api-reference/endpoints/secret-syncs/railway/get-by-name.mdx

@@ -1,4 +0,0 @@
----
-title: "Get by Name"
-openapi: "GET /api/v1/secret-syncs/railway/sync-name/{syncName}"
----

docs/api-reference/endpoints/secret-syncs/railway/import-secrets.mdx

@@ -1,4 +0,0 @@
----
-title: "Import Secrets"
-openapi: "POST /api/v1/secret-syncs/railway/{syncId}/import-secrets"
----

docs/api-reference/endpoints/secret-syncs/railway/list.mdx

@@ -1,4 +0,0 @@
----
-title: "List"
-openapi: "GET /api/v1/secret-syncs/railway"
----

docs/api-reference/endpoints/secret-syncs/railway/remove-secrets.mdx

@@ -1,4 +0,0 @@
----
-title: "Remove Secrets"
-openapi: "POST /api/v1/secret-syncs/railway/{syncId}/remove-secrets"
----